VAR-200712-0158
Vulnerability from variot - Updated: 2023-12-18 13:15

Multiple format string vulnerabilities in the configuration file in SonicWALL Global VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions. Versions prior to SonicWALL Global VPN Client 4.0.0.830 are affected. Local attackers may use this vulnerability to elevate their privileges.
The vulnerability is caused due to a format-string error when processing a VPN configuration file. This can be exploited by e.g.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in version 3.1.0.556 and also reported in version 4.0.0.810. Other versions may also be affected.
SOLUTION: The vendor has reportedly issued version 4.0.0.830, which fixes the vulnerability.
PROVIDED AND/OR DISCOVERED BY: Discovered by lofi42 and reported via SEC Consult.
ORIGINAL ADVISORY: SEC Consult (20071204-0): http://www.sec-consult.com/305.html
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200712-0158",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "global vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "3.1.556"
},
{
"model": "global vpn client",
"scope": "eq",
"trust": 1.6,
"vendor": "sonicwall",
"version": "4.0.0.810"
},
{
"model": "global vpn client",
"scope": "eq",
"trust": 0.8,
"vendor": "sonicwall",
"version": "3.1.556 and 4.0.0.810"
},
{
"model": "global vpn client",
"scope": "eq",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.782"
},
{
"model": "global vpn client",
"scope": "ne",
"trust": 0.3,
"vendor": "sonicwall",
"version": "4.0.830"
}
],
"sources": [
{
"db": "BID",
"id": "26689"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"db": "NVD",
"id": "CVE-2007-6273"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_vpn_client:3.1.556:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sonicwall:global_vpn_client:4.0.0.810:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6273"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Bernhard Mueller research@sec-consult.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
],
"trust": 0.6
},
"cve": "CVE-2007-6273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-6273",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-29635",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-6273",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200712-082",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-29635",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29635"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"db": "NVD",
"id": "CVE-2007-6273"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. \nSuccessfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions. \nVersions prior to SonicWALL Global VPN Client 4.0.0.830 are affected. Local attackers may use this vulnerability to elevate their privileges. \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nThe vulnerability is caused due to a format-string error when\nprocessing a VPN configuration file. This can be exploited by e.g. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\nThe vulnerability is confirmed in version 3.1.0.556 and also reported\nin version 4.0.0.810. Other versions may also be affected. \n\nSOLUTION:\nThe vendor has reportedly issued version 4.0.0.830, which fixes the\nvulnerability. \n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered by lofi42 and reported via SEC Consult. \n\nORIGINAL ADVISORY:\nSEC Consult (20071204-0):\nhttp://www.sec-consult.com/305.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6273"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"db": "BID",
"id": "26689"
},
{
"db": "VULHUB",
"id": "VHN-29635"
},
{
"db": "PACKETSTORM",
"id": "61494"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-29635",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29635"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6273",
"trust": 2.8
},
{
"db": "BID",
"id": "26689",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "27917",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1019038",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-4094",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006406",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20071204 SEC CONSULT SA-20071204-0 :: SONICWALL GLOBAL VPN CLIENT FORMAT",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "11231",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200712-082",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-84204",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "30840",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-29635",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "61494",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29635"
},
{
"db": "BID",
"id": "26689"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"db": "PACKETSTORM",
"id": "61494"
},
{
"db": "NVD",
"id": "CVE-2007-6273"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
]
},
"id": "VAR-200712-0158",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-29635"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:15:39.129000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GLobal VPN Client",
"trust": 0.8,
"url": "http://www.vpn-technology.com/datasheets/global_vpn_client.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"db": "NVD",
"id": "CVE-2007-6273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.sec-consult.com/305.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/26689"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1019038"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/27917"
},
{
"trust": 1.6,
"url": "http://marc.info/?l=bugtraq\u0026m=119678272603064\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2007/4094"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6273"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6273"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2007/4094"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/11231"
},
{
"trust": 0.3,
"url": "http://www.vpn-technology.com/datasheets/global_vpn_client.pdf"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=119678272603064\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16784/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27917/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16783/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29635"
},
{
"db": "BID",
"id": "26689"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"db": "PACKETSTORM",
"id": "61494"
},
{
"db": "NVD",
"id": "CVE-2007-6273"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-29635"
},
{
"db": "BID",
"id": "26689"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"db": "PACKETSTORM",
"id": "61494"
},
{
"db": "NVD",
"id": "CVE-2007-6273"
},
{
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-29635"
},
{
"date": "2007-12-04T00:00:00",
"db": "BID",
"id": "26689"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"date": "2007-12-06T03:48:33",
"db": "PACKETSTORM",
"id": "61494"
},
{
"date": "2007-12-07T11:46:00",
"db": "NVD",
"id": "CVE-2007-6273"
},
{
"date": "2007-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-29635"
},
{
"date": "2007-12-13T20:22:00",
"db": "BID",
"id": "26689"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006406"
},
{
"date": "2011-03-08T03:02:18.597000",
"db": "NVD",
"id": "CVE-2007-6273"
},
{
"date": "2007-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWALL GLobal VPN Client Format string vulnerability in configuration files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006406"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200712-082"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.