Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  nodelist  faq  login

"Life is too important to take seriously." -- Corky Siegel


rocksolid / Security / Well...

SubjectAuthor
* Do you use the Sonic firewall ?Anonymous
+- Re: Do you use the Sonic firewall ?AnonUser
`- Well...Anonymous

1
Subject: Do you use the Sonic firewall ?
From: Anonymous
Newsgroups: rocksolid.shared.security
Organization: i2pn2 (i2pn.org)
Date: Fri, 16 Oct 2020 10:11 UTC
Path: i2pn2.org!.POSTED!not-for-mail
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Do you use the Sonic firewall ?
Date: Fri, 16 Oct 2020 03:11:37 -0700
Organization: i2pn2 (i2pn.org)
Message-ID: <opsec.734.39emly@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="10798"; mail-complaints-to="usenet@i2pn2.org"
View all headers
Time for an update, this thing is reaaally wide open:

https://de.tenable.com/blog/cve-2020-5135-critical-sonicwall-vpn-portal-stack-based-buffer-overflow-vulnerability

--
Posted on def2


Subject: Re: Do you use the Sonic firewall ?
From: AnonUser
Newsgroups: rocksolid.shared.security
Organization: novaBBS
Date: Sat, 17 Oct 2020 01:37 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: AnonU...@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Subject: Re: Do you use the Sonic firewall ?
Date: Sat, 17 Oct 2020 01:37:24 +0000
Organization: novaBBS
Message-ID: <8a3ff00b1280ce87ce8419cc75a403fa$1@www.novabbs.com>
References: <opsec.734.39emly@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="15436"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs
X-Rslight-Site: $2y$10$vE.a04R1JwbBQS2RqzrzAeo/T.yQro7xikODl/NtqETKfPF3msFZa
View all headers
Anonymous wrote:

Time for an update, this thing is reaaally wide open:

https://de.tenable.com/blog/cve-2020-5135-critical-sonicwall-vpn-portal-stack-based-buffer-overflow-vulnerability

Looks like they believe they've patched them all

"SonicWall published patches for all 11 vulnerabilities."

Affected Versions Fixed Versions
SonicOS 6.5.4.7-79n and below SonicOS 6.5.4.7-83n
SonicOS 6.5.1.11 and below SonicOS 6.5.1.12-1n
SonicOS 6.0.5.3-93o and below SonicOS 6.0.5.3-94o
SonicOSv 6.5.4.4-44v-21-794 and below SonicOS 6.5.4.v-21s-987
SonicOS 7.0.0.0-1 SonicOS 7.0.0.0-2 and above

--
Posted on: novaBBS
www.novabbs.com


Subject: Well...
From: Anonymous
Newsgroups: rocksolid.shared.security
Organization: def2
Date: Sat, 17 Oct 2020 15:42 UTC
References: 1
Path: i2pn2.org!.POSTED!not-for-mail
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Well...
Date: Sat, 17 Oct 2020 08:42:37 -0700
Organization: def2
Message-ID: <opsec.736.1thgt3@anon.com>
References: <opsec.734.39emly@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: i2pn2.org; posting-account="def2";
logging-data="2810"; mail-complaints-to="usenet@i2pn2.org"
View all headers
Looks like they believe they've patched them all

like the song says:
"that don't impress me much". as a firewall, you have one fucking job, which is to keep the bad guys out. if you prove you cannot do it and instead allow remote code execution, you have not only failed in the sense that you did _not_ keep the bad guys out, but in fact you invited them in and opened the door.

--
Posted on def2


1
rocksolid light 0.7.2
clearneti2ptor