SonicWall patches security hole in Global VPN Client
Users of SonicWALL's Global VPN Client should install configuration files only from trustworthy sources - otherwise there could be trouble. The software contains a format string vulnerability that could allow an attacker to install malicious code on a computer via configuration files. The error occurs when the client parses the "name" attribute of the "Connection" tag and the content of the "Hostname" tag. The report on the problem by SEC Consult includes a proof-of-concept exploit.
All versions prior to 4.0.0.830 are affected. According to the report, the vulnerability can be triggered simply by double-clicking the configuration file in versions 4.x, whereas versions 3.x require the client to initiate a connection. The error has been fixed in SonicWall VPN Client 4.0.0.830.
See also:
- SonicWALL Global VPN Client Format String Vulnerability, vulnerability report by SEC Consult
(ehe)