Description
Several vulnerabilities were found in the SonicWALL SSL VPN appliance, which can be exploited by malicious people to delete arbitrary files or compromise a user's system.
1) The WebCacheCleaner ActiveX control includes the insecure method "FileDelete()", which can be exploited to delete arbitrary files.
2) A stack buffer overflow occurs when a user accesses a malicious website and the NetExtender NELaunchCtrl ActiveX control handles invalid arguments passed to certain methods (e.g. "AddRouteEntry()", "serverAddress()", "sessionId()", "clientIPLower()", "clientIPHigher()", "userName()", "domainName()", and "dnsSuffix()"). This vulnerability enables attackers to take control of affected systems.
Product affected
- WebCacheCleaner ActiveX control version 1.3.0.3
- NeLaunchCtrl ActiveX control version 2.1.0.49
- Other previous versions may also be affected.
Solution
Apply patches according to affected software versions:
SonicWALL 2000/4000 - Upgrade the firmware to version 2.5 or above
SonicWALL 200 - Upgrade the firmware to version 2.1 or above
The latest firmware can be downloaded from http://www.mysonicwall.com