SonicWALL Global VPN Client 4.0.782 - Remote Format String Vulnerability

ID EDB-ID:30840
Type exploitdb
Reporter SEC Consult
Modified 2007-12-04T00:00:00


SonicWALL Global VPN Client 4.0.782 Remote Format String Vulnerability. CVE-2007-6273. Dos exploit for windows platform


SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions.

Versions prior to SonicWALL Global VPN Client are affected. 

The following proof of concept was supplied:
<Connection name=> AAAAAAAAAA%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%
<HostName> BBBBBBBBBB%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%