sonicwall global_vpn_client Security Vulnerabilities

1 Vulnerabilities

Description
Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries. Impacted versions: 3.1.556, 4.0.0.810 Base Score: 9.3, Severity: HIGH, ID: CVE-2007-6273, Last Modified: 2011-03-08T03:02:00Z References Exploit Vendor Advisory Exploit Exploit

Description

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.

Impacted versions: 3.1.556, 4.0.0.810

Base Score: 9.3, Severity: HIGH, ID: CVE-2007-6273, Last Modified: 2011-03-08T03:02:00Z

References

Exploit Vendor Advisory Exploit Exploit

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.