• SonicWall issues another fix for botched VPN patch

    From TechnologyDaily@1337:1/100 to All on Wed Jun 23 15:30:03 2021
    SonicWall issues another fix for botched VPN patch

    Date:
    Wed, 23 Jun 2021 14:18:35 +0000

    Description:
    SonicWall has released a patch after an earlier one was botched.

    FULL STORY ======================================================================

    SonicWall has been forced to issue another patch to fix a vulnerability that was originally reported in September 2020 and affected over 800,000 SonicWall VPNs.

    Originally tagged and treated as CVE-2020-5135, the issue was identified as a critical stack-based Buffer Overflow vulnerability that reportedly could be exploited by remote attackers to execute arbitrary code on the impacted devices, or cause Denial of Service (DoS).

    Cybersecurity solutions provider SonicWall released a fix to patch the vulnerability in October 2020. However, as it turns out, the fix wasn't properly coded and in fact caused a memory dump issue, sending SonicWall back to the drawing board to address the issue, which has now been fixed.

    Craig Young, security researcher at TripWire, who was co-credited along with Nikita Abramov of Positive Technologies as the discoverer of the CVE-2020-5135 vulnerability, has published a detailed account of his interactions with SonicWall over fixing the botched fix.

    Better late than never

    Young shares that he noticed that something was amiss with the October patch for CVE-2020-5135 and alerted SonicWall on October 6.

    "On October 9, SonicWall confirmed my expectation that this was the result of an improper fix for CVE-2020-5135 and told me that the patched firmware versions had already started to become available on mysonicwall.com as well as via Azure," writes Young.

    He claims that although SonicWall had shared an advisory for the patched fix, now tracked as CVE-2021-20019, back in October 2020 itself, it wasn't until several months later, in June 2021, that the advisory was made public and the fix pushed to customers.

    Via Bleeping Computer



    ======================================================================
    Link to news story: https://www.techradar.com/news/sonicwall-issues-another-fix-for-botched-vpn-patch/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)