SUNNYVALE, Calif., Aug. 3 /PRNewswire-FirstCall/ -- SonicWALL, Inc. , a leading secure network infrastructure company, has deployed protection against SSL Certificate Null Byte Poisoning vulnerability (CVE-2009-2408). Users of the company's Unified Threat Management Firewall technology, which protects against viruses, Trojans, worms and other threats and vulnerabilities, automatically receive updated signatures designed to repel security threats.
This vulnerability allows attackers to perform "man-in-the-middle" session hijacking various browser and non-browser based SSL implementations. Once an attacker successfully obtains a specially crafted null byte stuffed certificate designed to imitate the origin content server, privacy of the data can be compromised since there will be no distinguishable notification to the user that the secure connection has been intercepted by an unknown 3rd party. In addition, SSL sessions compromised as a result of the above mentioned vulnerability, can be used to install unwanted trojans and malware on the victim's computer.
The vulnerability was first publicly disclosed during BlackHat security conference briefings in Las Vegas on July 29-30, 2009. On July 31, 2009, users of SonicWALL's Unified Threat Management technology received updated signatures designed to protect against this threat. SonicWALL has issued the following IPS signature
IPS SID: 1266 EXPLOIT - SSL Server Certificate Null Byte Poisoning.
SonicWALL has developed unique technologies to deliver zero day gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to defend against new and existing Internet attacks and exploits such as phishing, viruses, DHA or DoS attacks and more. Customers with a current subscription to SonicWALL's gateway threat prevention services are not affected by this vulnerability.
Further information on these and other vulnerabilities is available at: https://www.mysonicwall.com/SonicAlert/index.asp?ev=article&id=150 https://www.mysonicwall.com/SonicAlert/index.asp About SonicWALL, Inc.
SonicWALL, Inc. the leader in network security, focuses on developing solutions that remove the cost and complexity out of managing a secure network environment. With over one million award-winning appliances shipped through its global network of ten thousand channel partners, SonicWALL provides end-to-end solutions including Firewalls, SSL VPN's, Email Security and Continuous Data Protection that collectively ensure robust, secure network protection. For more information, visit the company web site at http://www.sonicwall.com/.
Safe Harbor Regarding Forward-Looking Statements
Certain statements in this press release are "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. The forward-looking statements include but are not limited to statements regarding the consequences of null byte poisoning vulnerability and the ability to automatically update signatures on a continual basis. These forward-looking statements are based on the opinions and estimates of management at the time the statements are made and are subject to certain risks and uncertainties that could cause actual results to differ materially from those anticipated in the forward-looking statements. In addition, please see the "Risk Factors" described in our Securities and Exchange Commission filings, including our Annual Report on Form 10-K for the year ended December 31, 2008, for a more detailed description of the risks facing our business. All forward-looking statements included in this release are based upon information available to SonicWALL as of the date of the release, and we assume no obligation to update any such forward-looking statement.
NOTE: SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
SonicWALL, Inc.
CONTACT: Colleen Nichols of SonicWALL, +1-408-962-6131,
cnichols@sonicwall.com; or Drew Smith of Bite Communications, +1-415-365-0401,
drew.smith@bitepr.com, for SonicWALL, Inc.
Web Site: http://www.sonicwall.com/
