Security updates from SonicWALL
SonicWALL has released updates for firmware versions SonicOS 3.x and SonicOS 4.x on Generation 4 firewall appliances to fix a logging-related format string vulnerability. In certain cases, the vulnerability can cause a crash, followed by a reboot. According to the vendor, Generation 5 appliances are not affected. The discoverer of the vulnerability, service provider SEC Consult, says that SonicWALL was informed of the vulnerability in 2006 and repeatedly failed to respond to its communications.
Just a few weeks ago, SonicWALL was forced to issue an update for its SSL VPN 200, 2000 and 4000 appliances to fix a format string vulnerability. In that case, it was reportedly possible to read memory remotely and possibly to inject and execute code. The discoverer of these vulnerabilities also reported difficulties in contacting SonicWALL and in getting information about the vulnerabilities to the company.
- SonicOS Vulnerability, report from SonicWALL.
- Vulnerabilities in Nortel and SonicWALL products
- SonicWALL - SSL-VPN Remote Access, report from aushack.com.