Hi,

i was just playing a bit with a Sonicwall SOHO firewall, to verify

performances and security of the product. I've noticed that using a

very long string (some hundreds of chars) as the User Name in the auth

page of the Sonicwall web server, the firewall reacts strangely: it

begins to refuse connections to the 80/tcp port and it stops routing

packets from the internal LAN. After about 30 seconds it apparently

returns normal.



I've verified this behaviour on Sonicwall SOHO firmware version 5.0.0, ROM

version 4.0.0. Anyway access to the configuration web server from the

external network is NOT enabled by default.



I contacted the vendor in the person of Todd Koopman 

and he said they already know that issue and they're going to fix it in

the next firmware release. I would like to thank him for the rapid

answer: i decided to post this vuln to BUGTRAQ 'cause i think customers

want to know the issue and eventually disable external access to the

Sonicwall web server. Also, some other similar products may be vulnerable

to the same bug.



I suggest the Sonicwall team to set up an e-mail account to receive

security reports about their products: i apologize if they already have

one, i wasn't able to find it on their website www.sonicwall.com.



Sincerely,



:raptor

Antifork Research, Inc. @ Mediaservice.net Srl

http://raptor.antifork.org http://www.mediaservice.net