SonicWALL Global VPN Client < 4.0.0.830 Format String Vulnerabilities

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host contains a program that is affected by multiple
format string vulnerabilities.

Description :

The version of the SonicWALL Global VPN Client software installed on
the remote Windows host fails to sanitize the 'name' attribute of the
'Connection' tag and the content of the 'Hostname' tag in the
configuration file of format strings. If an attacker can trick a user
on the affected host into importing a specially crafted configuration
file, the attacker could leverage this issue to execute arbitrary code
on the affected host subject to the user's privileges.

See also :

http://www.nessus.org/u?a0715256
http://seclists.org/bugtraq/2007/Dec/21

Solution :

Upgrade to SonicWALL VPN client 4.0.0.830 as that reportedly resolves
the issue.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 38929 ()

Bugtraq ID: 26689

CVE ID: CVE-2007-6273

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now