Date: Wed, 29 Nov 2000 15:41:59 +0100 From: Raptor <raptor@0XDEADBEEF.EU.ORG> Subject: DoS in Sonicwall SOHO firewall To: BUGTRAQ@SECURITYFOCUS.COM Hi, i was just playing a bit with a Sonicwall SOHO firewall, to verify performances and security of the product. I've noticed that using a very long string (some hundreds of chars) as the User Name in the auth page of the Sonicwall web server, the firewall reacts strangely: it begins to refuse connections to the 80/tcp port and it stops routing packets from the internal LAN. After about 30 seconds it apparently returns normal. I've verified this behaviour on Sonicwall SOHO firmware version 5.0.0, ROM version 4.0.0. Anyway access to the configuration web server from the external network is NOT enabled by default. I contacted the vendor in the person of Todd Koopman <toddk@sonicwall.com> and he said they already know that issue and they're going to fix it in the next firmware release. I would like to thank him for the rapid answer: i decided to post this vuln to BUGTRAQ 'cause i think customers want to know the issue and eventually disable external access to the Sonicwall web server. Also, some other similar products may be vulnerable to the same bug. I suggest the Sonicwall team to set up an e-mail account to receive security reports about their products: i apologize if they already have one, i wasn't able to find it on their website www.sonicwall.com. Sincerely, :raptor Antifork Research, Inc. @ Mediaservice.net Srl http://raptor.antifork.org http://www.mediaservice.net