OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: DoS in Sonicwall SOHO firewall
From: Raptor (raptor0XDEADBEEF.EU.ORG)
Date: Wed Nov 29 2000 - 08:41:59 CST


Hi,
i was just playing a bit with a Sonicwall SOHO firewall, to verify
performances and security of the product. I've noticed that using a
very long string (some hundreds of chars) as the User Name in the auth
page of the Sonicwall web server, the firewall reacts strangely: it
begins to refuse connections to the 80/tcp port and it stops routing
packets from the internal LAN. After about 30 seconds it apparently
returns normal.

I've verified this behaviour on Sonicwall SOHO firmware version 5.0.0, ROM
version 4.0.0. Anyway access to the configuration web server from the
external network is NOT enabled by default.

I contacted the vendor in the person of Todd Koopman <toddksonicwall.com>
and he said they already know that issue and they're going to fix it in
the next firmware release. I would like to thank him for the rapid
answer: i decided to post this vuln to BUGTRAQ 'cause i think customers
want to know the issue and eventually disable external access to the
Sonicwall web server. Also, some other similar products may be vulnerable
to the same bug.

I suggest the Sonicwall team to set up an e-mail account to receive
security reports about their products: i apologize if they already have
one, i wasn't able to find it on their website www.sonicwall.com.

Sincerely,

:raptor
Antifork Research, Inc. Mediaservice.net Srl
http://raptor.antifork.org http://www.mediaservice.net