Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6273

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2007-6273
Last Modified 07 Mar 2011 10:02:18
Published 07 Dec 2007 06:46:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6273

Summary

Multiple format string vulnerabilities in the configuration file in SonicWALL GLobal VPN Client 3.1.556 and 4.0.0.810 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in the (1) Hostname tag or the (2) name attribute in the Connection tag. NOTE: there might not be any realistic circumstances in which this issue crosses privilege boundaries.

Vulnerable Systems

Application

  • Sonicwall Global Vpn Client 3.1.556

  • Sonicwall Global Vpn Client 4.0.0.810


References

VUPEN - ADV-2007-4094

BID - 26689

MISC - http://www.sec-consult.com/305.html

SECUNIA - 27917

BUGTRAQ - 20071204 SEC Consult SA-20071204-0 :: SonicWALL Global VPN Client Format

SECTRACK - 1019038


Last Updated: 27 May 2016 10:46:26