exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control

SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control
Posted Oct 29, 2010
Authored by Dmitriy Pletnev | Site secunia.com

Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the "Install3rdPartyComponent()" method in the "Aventail.EPInstaller" ActiveX control when creating an absolute path name based on values in the "CabURL" and "Location" arguments. This can be exploited to cause a stack-based buffer overflow via overly long values. Successful exploitation allows execution of arbitrary code.

tags | advisory, overflow, arbitrary, activex
advisories | CVE-2010-2583
SHA-256 | bda7d9a6037b717f828fe03148093d6578e44697389fab80cebbcb196eeacc52

SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control

Change Mirror Download
====================================================================== 

Secunia Research 29/10/2010

- SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control -
- "Install3rdPartyComponent()" Method Buffer Overflow -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control
version 10.5.1.117

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where: Remote

======================================================================
3) Vendor's Description of Software

"The End-Point Interrogator/Installer ActiveX control provides
software installation and interrogation functionality and is used by
the SonicWALL SSL-VPN E-Class remote access devices."

Product Link:
http://www.sonicwall.com/us/products/506.html

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN
End-Point Interrogator/Installer ActiveX Control, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the
"Install3rdPartyComponent()" method in the "Aventail.EPInstaller"
ActiveX control when creating an absolute path name based on values
in the "CabURL" and "Location" arguments. This can be exploited to
cause a stack-based buffer overflow via overly long values.

Successful exploitation allows execution of arbitrary code.

======================================================================
5) Solution

Update to version 10.5.2 and apply hotfix 3 for version 10.0.5.

======================================================================
6) Time Table

28/09/2010 - Vendor notified.
28/09/2010 - Vendor response.
10/10/2010 - Vendor confirms the vulnerability.
26/10/2010 - Vendor releases fixed version.
29/10/2010 - Public disclosure.

======================================================================
7) Credits

Discovered by Dmitriy Pletnev, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-2583 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-117/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close