Vulnerability

    Sonicwall SOHO firewall

Affected

    Sonicwall SOHO firewall

Description

    'Raptor'  found  following.   He  noticed  that  using a very long
    string (some hundreds of chars) as the User Name in the auth  page
    of the  Sonicwall web  server, the  firewall reacts  strangely: it
    begins  to  refuse  connections  to  the  80/tcp port and it stops
    routing packets from the internal  LAN. After about 30 seconds  it
    apparently returns normal.

    'Raptor'  verified  this  behaviour  on  Sonicwall  SOHO  firmware
    version  5.0.0,  ROM   version  4.0.0.    Anyway  access  to   the
    configuration web server from the external network is NOT  enabled
    by default.

    Doing some  additional tests  'Raptor' discovered  that the  thing
    reboots  also  when  it  receives  "strange"  HTTP  requests.  For
    example:

        voodoo:~$ telnet 192.168.87.112 80
        Trying 192.168.87.112...
        Connected to 192.168.87.112.
        Escape character is '^]'.
        GET
        (then press <CR>)

    It works also with POST  method: after some seconds the  Sonicwall
    SOHO is rebooted.

Solution

    SonicWALL,  Inc.  has  released  a  firmware patch to address this
    issue.  To receive  this firmware patch, please  contact SonicWALL
    support     (http://techsupport.sonicwall.com/swtech.html)     and
    reference bugtraq id 2013.