How We Built a Self-Healing Double-Ring Helix with SonicWall Next-Gen Firewalls

In this guest post, our customers Kelley Parkes, Director of Technical Operations (on the right) and Dave Rupert, Systems Engineer (on the left) at First Source, describe how their company built a site-to-site VPN with SonicWall NSAs and TZs to provide secure collaboration and failover protection for sites spread across the country.

When your company grows by acquisition, the way ours does, your IT group has to run fast and hard just to keep up with more users, more sites, more remote connections and a secure perimeter that keeps expanding.

We’ve recently switched from keeping-up mode to being ahead of the curve thanks to a combination of our own internal expertise, SonicWall next-generation firewalls and implementation help from Cerdant. I figured a lot of the people following Tech Center are in the same boat, so I asked SonicWall to let me share what we’re doing.

An expanding security perimeter

Our company is a nationwide distributor of specialty foods and confections from manufacturers like Godiva, Ghirardelli and Lindt. When you buy candy at Walmart, Cracker Barrel and Bed Bath & Beyond, chances are it comes from First Source.

We started out with sites in Virginia and Tennessee. We merged with a company in Buffalo, New York, and then we acquired a California location. Now we cover the entire country with around 500 employees in four main warehouses, two remote warehouses, one retail store and our data center. That means that our security perimeter covers eight locations from one coast to the other.

We had been using the ZyXEL 35, which has a very simple firewall application. However, when we looked at the roadmap of functions we wanted to offer the business, we knew the ZyXEL wouldn’t handle enough of them:

  • Remote computing – We had no secure VPN for remote users. We used simple port forwarding over the ZyXEL firewall to give users remote desktop access. That offered some security, but nothing near the encryption level we wanted from a secure VPN.
  • Protection beyond the perimeter – There was no mobile security for users connecting on BYO devices outside of our perimeter.
  • Quality of service for VoIP – We plan a move to voice over IP soon, so besides network security we needed the ability to carve out QoS for that.
  • Content filtering – We wanted the ability to block access to sites that waste time and devour bandwidth. Even more important for PCI compliance, we needed to be able to check any personally identifiable information or outgoing data that looks like a credit card number or a Social Security number.

And then strategically, we wanted everybody to be able to collaborate across the same network. For all of these reasons, we decided to build out a site-to-site VPN.

How to build a resilient, site-to-site VPN

We knew we were going to upgrade from the ZyXEL, so we looked at products from vendors like Cisco and Barracuda. We ended up selecting SonicWall NSA and TZ Series next-gen firewalls, mostly because of their secure VPN, which would make it easier for all of us to log in remotely anytime from anywhere and access in-house files, applications and printers. The support team at SonicWall pointed me to Cerdant and we chose them as our implementation partner.

Cerdant is dedicated to SonicWall operation and applications, and they’ve given us good ideas based on our needs. The hardware inventory for our site-to-site VPN goes like this:

  • NSA 4500 in Virginia
  • NSA 3500 in Tennessee
  • NSA 3600s in California and New York
  • TZ 205s in each of the remote warehouse locations, at our retail store and at the data center

All of our SonicWall firewalls are connected by MPLS and business-class high-speed internet circuits. We’ve used them to create a primary, internal, closed-loop network over dedicated, fiber-optic MPLS lines (10 Mbps), which cost about $1,500 per month per site on average. We lease a secondary loop over standard ISP circuits (100 Mbps down, 20 Mbps up) for about $350 a month. (The retail store connects through its local cable provider for about $75 a month.) The secondary is a fallback loop in case the MPLS connection drops for a few minutes or a few hours.

The best part is that the SonicWall firewalls can use a probe to detect when the primary connection goes down and can automatically failover to the secondary loop. In fact, I can think of three or four times in the last year that the MPLS loop has dropped for anywhere from ten to 40 minutes and we’ve flipped over to that secondary network of internet connections.

Cerdant has been a great partner for us. They’ve automated the SonicWall firewalls to fail over from the primary to the secondary loop, and then back to the primary after our carrier has restored the MPLS connection.
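As an added illustration (not First Source’s configuration and not SonicWall’s probe implementation), here is a small probe-driven failover state machine in Python that captures the behaviour described above: the secondary loop takes over only after several consecutive failed probes on the primary, and the primary is restored only after a run of successful probes, so a single lost probe does not flap the links. The thresholds, the probe interval and the probe results are assumptions.

```python
from dataclasses import dataclass, field

# Thresholds are assumptions for this example, not SonicWall defaults.
FAIL_AFTER = 3      # consecutive failed probes before leaving the primary loop
RESTORE_AFTER = 5   # consecutive good probes before returning to it


@dataclass
class FailoverMonitor:
    """Tracks primary-link health from probe results and decides which loop is active."""
    active: str = "primary"
    failed: int = 0          # current run of failed probes
    passed: int = 0          # current run of successful probes
    events: list = field(default_factory=list)

    def observe(self, probe_ok: bool, t: int) -> str:
        """Record one probe result taken at time t; return the loop now in use."""
        if probe_ok:
            self.passed += 1
            self.failed = 0
        else:
            self.failed += 1
            self.passed = 0
        # Hysteresis: switch only after a full run in one direction.
        if self.active == "primary" and self.failed >= FAIL_AFTER:
            self.active = "secondary"
            self.events.append((t, "failover to secondary"))
        elif self.active == "secondary" and self.passed >= RESTORE_AFTER:
            self.active = "primary"
            self.events.append((t, "restored to primary"))
        return self.active


def run(probes):
    """Feed (time, ok) probe results in order; return the active loop per probe and the switch events."""
    mon = FailoverMonitor()
    path = [mon.observe(ok, t) for t, ok in probes]
    return path, mon.events


# Constructed probe sequence (one probe every 10 s): healthy, then an MPLS
# outage of six probes, then the carrier restores the circuit.
CONSTRUCTED_PROBES = (
    [(t, True) for t in range(0, 40, 10)]
    + [(t, False) for t in range(40, 100, 10)]
    + [(t, True) for t in range(100, 180, 10)]
)

if __name__ == "__main__":
    path, events = run(CONSTRUCTED_PROBES)
    for (t, _), loop in zip(CONSTRUCTED_PROBES, path):
        print(f"t={t:3d}s active={loop}")
    print(events)
```

With these thresholds the monitor fails over at the third lost probe (t=60) and returns to the MPLS loop only after five clean probes following the repair (t=140); a lone missed probe in an otherwise healthy run produces no switch at all.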

As I mentioned, we went with SonicWall firewalls mostly because of the secure VPN. I’m very glad we’ve also gotten a self-healing, double-loop network in the bargain.

Saved about $20,000 on hardware alone

We’ve seen other big advantages to deploying SonicWall throughout the company – operational, IT and financial advantages.

On the operations side, it’s been much easier to support our service level agreement, which is our commitment to users that we’ll keep our systems up and running. With the double-loop network, we don’t lose connectivity between locations, so we have full business continuity in the event our network fails.

From an IT perspective, we’ve gotten so much more than just firewall hardware. We reap the benefits of SonicWall features like deep packet inspection, gateway antivirus, anti-spyware, bandwidth management, content filtering and secure VPN, as well as SonicWall’s continuous threat research.

Financially, we’ve saved $5,000 to $6,000 per location on load balancing equipment. Our self-healing, double-loop network configuration required load and link balancers, and we get those functions from the SonicWall firewalls, in addition to all of the firewall security features they offer. That has saved us at least $20,000 in building out our network.

Your turn

When I first started this project, I researched several forums and saw other sys admins and IT managers trying to figure out how to connect multiple sites and asking questions about failover protection and the best type of connectivity. I could see that many of my counterparts aren’t happy with what they have in place. We’re very pleased with what we’ve implemented with SonicWall and Cerdant, and I wanted to describe it as a viable option for configuring a resilient network.

How do you connect your remote locations? What site-to-site VPN configuration works for you? Let me know in the comments below.

Upatre.SMJ a Malware Hides in encrypted PNG Image

The Dell SonicWALL Threats Research team observed reports of a new malware family, GAV: Upatre.SMJ, actively spreading in the wild. This time the attackers used a dropper to download the actual malware, which is hidden in image (encrypted PNG) files to avoid detection by firewalls.

Infection Cycle:

The Malware uses the following icon:

Md5:

  • 051e79a2d44a8dba92e98ae9c4be2399 – Major Executable

Dropper:

  • 88ff4cfd4154c9b112a963700dfcd560 – Image PNG file

The Malware adds the following files to the system:

  • Malware.exe

    • %Temp%\tzojedox.exe

    • %Temp%\TZ9D-23.txt

  • Tzojedox.exe

    • %Temp%\kiuwken.exe

    • %Temp%\TZ9D-23.txt

  • Kiuwken.exe

    • C:\WINDOWS\enCSuFWrQQsXBxp.exe

The Malware adds the following key to the Windows registry to ensure persistence upon reboot:

Once the computer is compromised, the malware copies its own executable to the Temp folder.

The file tzojedox.exe is dropped after the malware launches on the target system. The malware then tries to download the encrypted PNG files from its own C&C server, hosted on domains such as the following:

Here is an example of encrypted PNG file:

The malware tries to retrieve your computer name, your Windows version and your IP address, then transfers that information to its own C&C server at IPs such as the following:

Command and Control (C&C) Traffic

Upatre.SMJ performs C&C communication over ports 443 and 80. The malware sends your system information to its own C&C server in the following format; here are some examples:

We have been monitoring varying hits over the past few days for the signature that blocks this threat:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: Upatre.SMJ (Trojan)

Cross-Site Scripting in Apple CUPS Web Interface

The Apple CUPS web interface, implemented as CGI programs, is vulnerable to reflected cross-site scripting. While processing a GET request, if the URL contains a tag, the vulnerable CGI enters a loop that copies every character up to the closing double quote (") into the response without escaping.

An attacker can entice a user to open a URL containing the exploit, so that the attacker-controlled script executes in the user’s browser; this can lead to disclosure of information and impersonation of the target user.
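To make the advisory’s description concrete, here is an added Python illustration (not CUPS code): a rendering routine that copies a double-quoted value from the request verbatim, beside one that HTML-encodes the value before placing it in the page. The request strings are constructed for the example.

```python
import html


def extract_quoted(request: str):
    """Return the text between the first pair of double quotes, or None if unterminated.

    This mirrors the copy-until-closing-quote behaviour the advisory describes."""
    start = request.find('"')
    if start < 0:
        return None
    end = request.find('"', start + 1)
    if end < 0:
        return None
    return request[start + 1:end]


def render_unescaped(request: str) -> str:
    """Vulnerable pattern: the quoted value reaches the HTML response untouched."""
    value = extract_quoted(request)
    return f"<p>{value}</p>" if value is not None else "<p></p>"


def render_escaped(request: str) -> str:
    """Hardened pattern: encode &, <, >, \" and ' so the value can only ever be text."""
    value = extract_quoted(request)
    return f"<p>{html.escape(value, quote=True)}</p>" if value is not None else "<p></p>"


def contains_markup(rendered: str) -> bool:
    """Detection helper: did anything other than our own <p> wrapper survive as markup?"""
    inner = rendered[len("<p>"):-len("</p>")]
    return "<" in inner or ">" in inner


# Constructed request fragments: one benign, one carrying markup inside the quotes.
BENIGN = 'name="Office Printer"'
MARKUP = 'name="<b>Office</b> Printer"'
```

Running `contains_markup(render_unescaped(MARKUP))` shows the injected tags passing straight through, while the escaped renderer reduces them to inert text; the benign value renders identically either way, which is the property an output-encoding fix should have.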

Dell SonicWALL has released an IPS signature to detect and block exploitation attempts targeting this vulnerability. The signature is listed below:

  • 11003 Apple CUPS Web Interface XSS

0-day Flash Exploit From Hacking Team Data Leak (July 7, 2015)

HackingTeam has discovered a 0-day exploit in the wild in Flash Player. The exploit works against the most recent version of Flash Player (18.0.0.194) and triggers a use-after-free vulnerability in the player.

The vulnerability occurs when an element of a ByteArray of a certain size is assigned an object. The assignment first saves the array’s offset address in a local variable, then calls the object’s ‘valueOf()’ function to compute the value to store. That function is overridden so that it changes the length of the ByteArray, which causes the array to be relocated. The saved offset address is now invalid, which triggers the use-after-free. Because the relocation is controlled from script, the address is easy to predict and control, and that makes the bug easy to exploit.

We are closely monitoring if there are any other exploits in-the-wild.

SonicWall has written the following signatures that protect our customers from this exploit:

  • SPY 1069 : Malformed-File swf.OT.29
  • SPY 1366 : Malformed-File swf.MT.16

This vulnerability is tracked as CVE-2015-5119.

Deep Dive Into SonicWall Security at the SonicWall World 2015 Software User Forum

During my 14 years with SonicWall Security (formerly SonicWall), I’ve never seen a greater need for powerful network security, and the SonicWall World Software User Forum provides a great opportunity for you to mingle with some of the most powerful minds in security today.

We’re excited to finally be able to host a dedicated security customer forum at this event. We’ve had a fantastic year and we can’t wait to show you our new lineup of SonicWall TZ Series firewalls, new SonicWall Secure Mobile Access (SMA) appliances and a few yet-to-be-released products. Some of the break-out sessions that I’m especially looking forward to are: Strategic Direction & Vision, SonicWall Next-Generation Firewall Technology overview, and How to make your network security future ready and, of course, the top secret band that will be performing.

Register for the SonicWall Security Track at the SonicWall World Software User Forum 2015 and learn how to address these security challenges head-on with direct access to engineers and experts for the security products you depend on every day. Some of the highlights include:

  • Learn practical methods for getting the most out of your SonicWall device
  • Get a sneak peek at the newest tech
  • Participate in hands-on tech labs

Experience the visionary keynotes from our leaders and industry experts in the SonicWall World 2015 general sessions. Explore the SonicWall World Solution Showcase with partner and product demos highlighting the innovation and cutting-edge technology in mobility, cloud, big data, networking and more. Plus, enjoy the music of our secret special band at the Opening Night concert.

Take advantage of the Buy One Get One offer today. If you purchase one pass to the SonicWall World Software User Forum, we will include one additional pass at no extra cost for a colleague.

And here are more good reasons not to miss out on SonicWall’s annual conference:

  • Attend 13 in-depth, security-specific sessions including:
    • Technology and roadmap deep dive for SonicWall next-gen firewalls
    • Advanced SonicOS management best practices
    • Advanced SuperMassive deployment best practices
    • Global Management System (GMS) as an enterprise firewall management console
    • Creating an enterprise “Clean VPN” solution using SonicWall products

There will be interactive discussions and access for you to speak to SonicWall product engineers, experts and executives. They will shed light on product direction and roadmaps for SonicWall products.

During my tenure, I’ve met many of you in-person, and I look forward to seeing you again. For those of you I haven’t met, I hope you will register for the event and join me for a handful of truly informational days at the Software User Forum.

It’s all yours from Oct. 20 through Oct. 22
at the Hilton Hotel in Austin, Texas.
Come help us paint the town blue!
(SonicWall blue, please)

5 Key Performance Indicators to measure

The SonicWall Security Threat Research team sifts through hundreds of thousands of unique malware samples daily. In their latest threat report, they’ve documented that businesses continue to be under attack in ways that are increasingly difficult to defend against. We often see threat actors using combinations of evasion techniques and modifying their attack vectors to circumvent firewalls and intrusion detection systems. The multitude of published security breaches proves that many existing network security controls are not working effectively against today’s modern threats. For companies that have been fortunate thus far, it’s time to face some tough questions about your security risks.

  • Are the company’s network security controls doing an effective job?
  • Are we testing and measuring their effectiveness thoroughly? What are the key quantifiable performance metrics?
  • Where do we need to improve to gain a better security posture?

Understandably there are many other important risk-related inquiries concerning different security controls that also require our attention. However, we’ll narrow the focus of this discussion primarily on next-generation firewalls (NGFWs) given their principal role in facilitating secure business communications and data exchanges over the Internet. Thus, the stability, reliability and most importantly, security effectiveness of the NGFW device is imperative when it comes to protecting the confidentiality, integrity, and availability of an information system and its information.

Picture of SonicWall's SuperMassive E10000 Series model

The concept of a “security effectiveness” score is generally recognized today as a decisive network security metric used by IT organizations across all industries. The computed rating helps decision makers establish a reference level in assessing the quality and efficacy of an NGFW based upon “5 performance indicators” identified by NSS Labs, a well-trusted independent information security research firm that supports its product analysis through exhaustive laboratory testing. NGFW devices are tested and rated for their effectiveness, performance, manageability and cost of ownership to provide answers to tough questions faced by IT professionals when selecting and implementing security products. So when NSS documents these scores and makes its recommendations in its published reports, it is solely based upon empirical test data. Testing is performed starting with a baseline configuration to more complex, real-world configurations that simulate varying use cases. The firewall ranking is heavily weighted on 5 key performance indicators that determine the effectiveness score verifying that the firewall is capable of the following:

  1. Intrusion Prevention – correctly blocking malicious traffic based on a comparison of packet/session contents against signatures/filters/protocol decoders without false positives.
  2. Evasion – accurately detecting and blocking known exploits when subjected to varying evasion techniques.
  3. Application Control – accurately executing outbound and inbound policies consisting of many rules, objects, and applications and identifying the correct application, and taking the appropriate control action.
  4. Firewall Policy Enforcement – correctly enforcing firewall rules that permit or deny access from one network resource to another based on identifying criteria such as source, destination, and service.
  5. Stability and Reliability – maintaining security effectiveness while passing malicious traffic under normal or heavy conditions.

The NSS security effectiveness report is the ultimate validation of NGFW quality and performance. The report contains a full range of test results that have direct relevance to the evaluation and selection of a capable NGFW to protect and secure your organization. Some of the interesting findings include exploit block rate, coverage by attack vector, impact type and popular applications, and resistance to various combinations of advanced evasive attacks. As an IT security leader responsible for information and network security in your organization, I’d like to share with you a copy of the NSS Labs report, which is packed with important information to serve as a guide when measuring the security effectiveness of your current firewall.

Go mobile to Increase Employee Productivity

What if you could increase employee productivity and employee satisfaction? Compelling evidence shows that employers that embrace the use of mobile devices for work purposes, whether personal or corporate issued, can do just that. Too risky? A new generation of mobile security and management tools can enable this without compromising data security.

According to a survey of 251 businesses and IT professionals conducted in 2014 by Harvard Business Review, “organizations that support and encourage use of mobile devices by their employees are experiencing increased productivity and user satisfaction. The good news is that the mobile revolution isn’t coming, it’s here. A majority of respondents believe mobile devices have already transformed their organizations, and predict their transformational impact will be even greater in two years. As an example, 65 percent of respondents say mobile devices have improved enterprise efficiency, while another 51 percent say they’ve improved customer service. Meanwhile, 47 percent say they’ve enhanced employee satisfaction and retention.”

Could your business benefit from increased efficiency? Increased employee satisfaction? Most businesses could.

In order to achieve these benefits, you’ll likely need to refresh your data access and security infrastructure to support the mobile worker. Most organizations are optimized for the legacy remote access paradigm, that is, IT-managed Windows laptops. To make mobile workers productive while protecting against mobile threats, you’ll need to modernize your access and security infrastructure. Here’s a checklist of considerations:

  1. Data protection, end-to-end: Data protection is a top concern and many organizations are considering or have deployed technologies such as Hosted Virtual Desktop, Enterprise Mobility Management (EMM) or other data encryption solutions to secure business data on mobile and remote devices. This a great start, but company data and networks are still at risk if only on-device data protection is addressed. Security is an end-to-end mobile workflow challenge.

  2. Access to company data from many device types: Your remote access infrastructure was likely implemented for the use case of remote workers accessing corporate resources from Windows laptops. Of course, this has changed with the explosion of mobile devices, including smartphones, tablets, etc., and will continue to evolve with wearables and the internet of things. To get ahead of the curve, IT organizations need to invest in access infrastructure and gateways that can support not only legacy Windows laptop technologies but also today’s mobile devices, and are ready to support the connected devices of the future. For example, enabling secure access from the standard HTML5 browsers that most modern connected devices support.

    Also, your access infrastructure was likely implemented to support a one session per user model. With the explosion of mobile and connected devices comes an explosion of concurrent sessions. To get ahead of the explosion and provide the support businesses will need to be successful, you need access infrastructure and gateways that are scalable to keep ahead of the explosion and keep employees productive.

    And lastly, whereas workers were delighted with the productivity gains experienced when business email and calendar could be accessed from smartphones, today’s workers want access to all the company resources they need to be productive, including ERP, etc., from their mobile devices. To get ahead of the curve, your access infrastructure needs to support secure access to a broad range of resources, including intranet web apps, client-server apps, hosted desktops, etc., from the devices workers want to use.

  3. Business + Personal = Increased risk: The mixed business and personal usage model that many workers prefer often results in co-mingling of personal and business data and apps on mobile devices. The typical scenario is a mobile user accessing email, calendar, the internet, social media and other apps for personal use, and also accessing business mail, calendar, intranet file shares and intranet business apps for business use. The challenge for IT here is that this co-mingling of apps and data increases the risk of business data loss and the risk of malware threats. We also find that IT organizations have challenges associated with mobile workers who are concerned about app and data privacy. Increasingly, personal data is legally protected, so businesses need to track end-user acceptance of BYOD policy terms to reduce business risk and demonstrate legal compliance. And we’re seeing these challenges across the board, impacting organizations of all sizes and all types. No organization is immune, though the greatest risk is with regulated industries.

  4. Cyber threats go mobile: Historically, IT protected corporate networks and compute environments by only allowing trusted devices and users to connect to the network. IT could help limit the potential of devices introducing malware onto the network by controlling and managing laptop configurations and software images. In the new mobile era, IT no longer controls or manages these devices. Workers are independently choosing their smart-phones and tablets as well as the apps and services they use to address business and personal needs, and with the mobile explosion comes an increase in cyber threats targeting mobile platforms.

    To protect from malware infection, the best defense is a good offense.

    With mobile users and BYOD, you may not control the device or the software, but you can deploy access control and security technologies in your IT infrastructure that interrogate the device, OS, mobile apps and validate their integrity before granting access to your network. You can deploy next-gen firewalls to scan mobile traffic entering your network and block malware before it infects corporate systems and data. And you can monitor and block access to and from disreputable web applications and sites.

    If your business could benefit from increased employee productivity and satisfaction, now’s the time to embrace going mobile. For more information on access and security solutions you need to enable mobile worker productivity while protecting from threats, read our eBook, SonicWall Secure Mobile Access for BYOD.

RecJS: a Multi-Component Malware Hides Behind JavaScript

The Dell SonicWALL Threats Research team observed reports of a new multi-component family, GAV: RECJS.AB, actively spreading in the wild. This time the attackers used a JavaScript (.js) file dropped by an executable. The malware uses the Windows Script Host to run scripts on the infected machine and hides behind a JavaScript file to avoid detection. One major component is responsible for taking a screenshot of the infected machine and uploading it to the malware’s own C&C server.

Infection Cycle:

The Malware uses the following icon:

Md5:

  • 2a63b3a621d8e555734582d83b5e06a5 – Multi-Component Package

Droppers:

  • aecef77725f3ee0b84b6b8046efe5ac0 – 7z.dll

  • a1efcedc97c76b356f7ffa7cf909d733 – 7z.exe

  • f3c7fb3cabab9af2291d55da05ce10fe – ns3B2.tmp

  • e0c13aa81e0d5a2df8ecc98c969a6958 – nsExec.dll

  • ae182dc797cd9ad2c025066692fc041b – System.dll

  • 75fb0aecd2cfef2210495a4f3cab5bcf – windrv.exe

  • f1a7ea45ced96bec4ad093f5dbd53b29 – e4a65dca09558335391ff7233ec51084.js

The Malware adds the following files to the system:

  • Malware.exe

    • %Temp%\nsb3AE.tmp\System.dll

    • %Temp%\nsb3AE.tmp\nsExec.dll

    • %Temp%\nsb3AE.tmp\ns3B2.tmp

  • cmd.exe

    • %Userprofile%\Application Data\AppCache_3a879c0b9817492db842ebd53ca6a115

    • 7z.dll

    • 7z.exe

    • e4a65dca09558335391ff7233ec51084.js

    • svchost.exe

      • a copy of the Microsoft (R) Windows Based Script Host, C:\WINDOWS\system32\wscript.exe

    • taskhost.exe

      • a copy of the Windows Command Processor, C:\WINDOWS\system32\cmd.exe

    • windrv.exe

      • an application that captures screenshots of the target system

The Malware adds the following files to the Windows startup folder to ensure persistence upon reboot:

  • %Userprofile%\Application Data\appdata.lnk

  • %Userprofile%\Start Menu\Programs\Startup\Windows Application Manager.lnk

    • C:\WINDOWS\system32\wscript.exe /b /nologo /E:javascript “%Userprofile%\Application data\AppCache_3a879c0b9817492db842ebd53ca6a115\e4a65dca09558335391ff7233ec51084.js” startup

Once the computer is compromised, the malware copies the Windows Based Script Host (wscript.exe) and the Windows Command Processor (cmd.exe) into the AppCache folder.

The malware uses a .js script to gather information from the infected machine, and runs it through legitimate Windows programs to avoid detection by AV vendors.

In the background the Malware runs the following commands on the system:

  • Cmd.exe

    • Cmd /c cd C:\Documents and Settings\Administrator\Application Data\AppCache_3a879c0b9817492db842ebd53ca6a115 & copy /b 34c227 + 34c227bb + 34c22 + 34c227b + bb4736 + bb473 7z.exe

  • %Temp%\nsb3AE.tmp\ns3B0.tmp

    • “%Userprofile%\LOCALS~1\Temp\nsb3AE.tmp\ns3B0.tmp” cmd /c cd %Userprofile%\Application Data\AppCache_3a879c0b9817492db842ebd53ca6a115 & copy /b 343b + 9398cde4 + 93 + 9398cd + 9398cde + 4c7d + 4c7d9ee9 7z.dll

The file e4a65dca09558335391ff7233ec51084.js is dropped after the malware launches on the target system. The malware then uses wscript.exe to gather information from the infected machine, such as the version of the installed anti-virus; here is an example:

The malware tries to retrieve the processor version to create a unique ID for your system; here is an example:

Once the malware has created a unique ID for your system, it transfers the information to its own C&C server in the following format:

After a while the malware starts taking screenshots of the infected machine, saves each one to a screenshot.png file and uploads it to its own C&C server.

Command and Control (C&C) Traffic

RECJS.AB performs C&C communication over port 443. The malware sends your system information to its own C&C server in the following format; here are some examples:

SonicWALL Gateway AntiVirus provides protection against this threat via the following signature:

  • GAV: RECJS.AB (Trojan)
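Added example (not from the advisories and not SonicWall’s signatures): detection logic, run over constructed process-creation events, for three behaviours described in the Upatre.SMJ and RecJS.AB reports above: a script host launched on a script stored under a user-profile data directory, a binary reassembled from fragments with `copy /b`, and an executable run from a Temp directory. The event format (image path plus command line), the benign events and the use of the Administrator profile are assumptions; the malicious command-line shapes and file names follow the reports.

```python
import re

# Constructed sample process-creation events: (image path, command line).
# The first three follow the command lines in the reports; the last two are
# benign look-alikes invented to show what the rules must not flag.
EVENTS = [
    (r"C:\WINDOWS\system32\wscript.exe",
     r'C:\WINDOWS\system32\wscript.exe /b /nologo /E:javascript "C:\Documents and Settings\Administrator\Application Data\AppCache_3a879c0b9817492db842ebd53ca6a115\e4a65dca09558335391ff7233ec51084.js" startup'),
    (r"C:\WINDOWS\system32\cmd.exe",
     r'Cmd /c cd "C:\Documents and Settings\Administrator\Application Data\AppCache_3a879c0b9817492db842ebd53ca6a115" & copy /b 34c227 + 34c227bb + 34c22 + 34c227b + bb4736 + bb473 7z.exe'),
    (r"C:\Documents and Settings\Administrator\Local Settings\Temp\tzojedox.exe",
     r'"C:\Documents and Settings\Administrator\Local Settings\Temp\tzojedox.exe"'),
    (r"C:\WINDOWS\system32\cmd.exe",
     r"cmd /c copy /b part1.txt + part2.txt merged.txt"),
    (r"C:\WINDOWS\system32\wscript.exe",
     r'wscript.exe "C:\Program Files\Vendor\maint.js"'),
]

# Image is one of the Windows script hosts.
SCRIPT_HOST = re.compile(r"\\(?:wscript|cscript)\.exe$", re.I)
# A script path argument, quoted (may contain spaces) or bare.
SCRIPT_ARG = re.compile(r'"([^"]+\.(?:js|jse|vbs|vbe|wsf))"|(\S+\.(?:js|jse|vbs|vbe|wsf))\b', re.I)
# Per-user writable data directories where dropped scripts were placed.
USER_DATA_DIR = re.compile(r"\\(?:Application Data|AppData|Temp)\\", re.I)
# copy /b <fragments> <target.exe|dll>: binary assembled from pieces on the host.
COPY_B = re.compile(r"\bcopy\s+/b\s+(.+?)\s+(\S+\.(?:exe|dll))\s*$", re.I)
# Executable image launched straight out of a Temp directory.
TEMP_IMAGE = re.compile(r"\\Temp\\[^\\]+\.exe$", re.I)


def check_event(image: str, cmdline: str) -> list:
    """Return the names of every rule the event matches (empty list if none)."""
    hits = []
    if SCRIPT_HOST.search(image):
        for m in SCRIPT_ARG.finditer(cmdline):
            script = m.group(1) or m.group(2)
            if USER_DATA_DIR.search(script):
                hits.append("script-host-from-user-data")
                break
    m = COPY_B.search(cmdline)
    if m and m.group(1).count("+") >= 1:   # at least two fragments joined
        hits.append("binary-assembled-with-copy-b")
    if TEMP_IMAGE.search(image):
        hits.append("executable-run-from-temp")
    return hits


def scan(events) -> list:
    """Run every rule over every event; return (event index, rule name) pairs."""
    return [(i, rule) for i, (image, cmd) in enumerate(events)
            for rule in check_event(image, cmd)]


if __name__ == "__main__":
    for i, rule in scan(EVENTS):
        print(f"event {i}: {rule}")
```

Each rule keys on the technique rather than on a hash, so it still fires when the file names and AppCache suffix change; the two benign events show the cost of that choice, namely that a script host reading from Program Files or a `copy /b` of text files must be left alone, which is why the rules check the script’s directory and the target’s extension rather than the command name alone.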

Adobe Flash Player Heap Zero-Day Vulnerability CVE-2015-3113 (Jun 25, 2015)

Adobe released a security update for Adobe Flash Player on June 23, 2015 to cover a critical zero-day heap-based buffer overflow vulnerability. Dell SonicWALL released the following signature to protect its customers on the same day:

  • 1040 Malformed-File swf.MP.228

No further activity targeting this vulnerability has been observed as of today since the signature was deployed on the Dell SonicWALL GRID system. However, exploiting this vulnerability could potentially allow an attacker to take control of the affected system, which includes systems running Internet Explorer on Windows 7 and below, as well as Firefox on Windows XP. Updating the Adobe Flash Player application is recommended. The following is the list of affected software versions:

  • Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.466 and earlier 11.x versions for Linux

This vulnerability is tracked as CVE-2015-3113.

Buffer Overflow vulnerability in PHP (June 19, 2015)

An integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP allows a remote FTP server to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow (CVE-2015-4022).

The vulnerability is exploited by the attacker as follows:

  1. The target server connects to the attacker’s FTP server when the attacker visits the vulnerable page.
  2. The target server sends a LIST command to the attacker’s FTP server.
  3. The attacker’s FTP server sends a malicious response to the target.

As seen in the code, if the response (which is stored in a temporary file) is larger than 2^32 bytes, the counters in the loops at lines 1839 and 1841 overflow. ftp_genlist() then uses these overflowed variables to calculate the size and allocate a heap buffer. The entire contents of the temporary file are then copied into the undersized heap buffer, resulting in a heap buffer overflow at line 1862. This could lead to a PHP application crash or arbitrary code execution.
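Added illustration (not PHP’s code): a Python emulation of the two-pass pattern the advisory describes, with the pass-one counters wrapped to 32 bits the way C unsigned ints wrap, beside a checked variant that refuses a reply whose totals cannot be represented. The per-line accounting (one byte per newline, one NUL per line) and the counter names are assumptions; what the example shows is that a reply longer than 2^32 bytes makes the planned buffer far smaller than what is copied into it, and that the overflow has to be caught before the allocation, not after. Replies are described by their line lengths rather than materialised, so the oversized case runs instantly.

```python
U32_MAX = 0xFFFFFFFF


def u32_add(a: int, b: int) -> int:
    """Add as a C unsigned int would: the sum wraps modulo 2^32."""
    return (a + b) & U32_MAX


def plan_allocation_wrapping(line_lengths) -> int:
    """Pass 1 with 32-bit counters: total the reply bytes and count lines,
    then size the heap buffer from those (wrapped) totals."""
    size = lines = 0
    for n in line_lengths:
        size = u32_add(size, n + 1)      # line bytes plus its newline (assumption)
        lines = u32_add(lines, 1)
    return u32_add(size, lines)          # one NUL terminator per line (assumption)


def actual_bytes(line_lengths) -> int:
    """What pass 2 really writes into the buffer, computed without wrapping."""
    return sum(n + 1 for n in line_lengths) + len(line_lengths)


def copy_fits(line_lengths) -> bool:
    """Pass 2 check: does the full copy stay inside the buffer planned in pass 1?"""
    return actual_bytes(line_lengths) <= plan_allocation_wrapping(line_lengths)


def plan_allocation_checked(line_lengths) -> int:
    """Hardened variant: detect the overflow before it happens and refuse the reply."""
    size = lines = 0
    for n in line_lengths:
        if n + 1 > U32_MAX - size or lines == U32_MAX:
            raise OverflowError("FTP LIST reply too large to represent")
        size += n + 1
        lines += 1
    if lines > U32_MAX - size:
        raise OverflowError("FTP LIST reply too large to represent")
    return size + lines


def checked_or_none(line_lengths):
    """Convenience wrapper: the checked plan, or None when the reply is rejected."""
    try:
        return plan_allocation_checked(line_lengths)
    except OverflowError:
        return None


# Constructed replies described by line lengths: a normal three-line listing,
# and a hostile one whose first "line" alone is 2^32 - 1 bytes long.
NORMAL = [24, 31, 19]
OVERSIZED = [U32_MAX, 7]

if __name__ == "__main__":
    for name, reply in (("normal", NORMAL), ("oversized", OVERSIZED)):
        print(name, "planned:", plan_allocation_wrapping(reply),
              "needed:", actual_bytes(reply), "fits:", copy_fits(reply),
              "checked:", checked_or_none(reply))
```

For the oversized reply the wrapped counters plan a 10-byte buffer for a copy of just over 4 GiB, which is exactly the undersized-allocation-then-full-copy sequence the advisory attributes to lines 1839, 1841 and 1862; the checked variant rejects the same reply on its first line.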

Dell SonicWALL Threat Research Team has researched this vulnerability and released following signature to protect their customers.

  • IPS 4902: Server Application Shellcode Exploit 20