In association with heise online

10 June 2009, 11:03

Security updates from SonicWALL

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

SonicWALL has released updates for firmware versions SonicOS 3.x and SonicOS 4.x on Generation 4 firewall appliances, aimed at fixing a logging-related format string vulnerability. In certain cases, this can cause a crash, followed by a reboot. According to the vendor, Generation 5 appliances are not affected. The discoverer of the vulnerability, service provider SEC Consult, says that SonicWALL was informed of the vulnerability in 2006 and repeatedly failed to respond to their communications.

Just a few weeks ago SonicWALL was forced to issue an update for its SSL VPN 200, 2000 and 4000 appliances in order to fix a format string vulnerability. In that case it was reportedly possible to remotely read memory and possibly to inject and execute code. The discoverer of these vulnerabilities also reported difficulties in contacting SonicWALL and in getting information on the vulnerabilities to them.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-741971
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit