WatchGuard Firebox SOHO denial of service using bad IP options
9th Apr 2002 [SBWID-5252]
COMMAND

	WatchGuard Firewall SOHO denial of service using bad IP options

SYSTEMS AFFECTED

	All versions prior to 5.0.35

PROBLEM

	In KPMG security advisory KPMG-2002007, Andreas Sandor reported the
	following DoS in the WatchGuard Firewall SOHO
	[http://www.watchguard.com]:
	

	When the WatchGuard SOHO firewall attempts to parse packets with
	certain malformed IP options, the firewall crashes and reboots. This
	effectively drops the current connections, including the ones
	established through the built-in VPN.
	

	The WatchGuard SOHO firewall does not parse IP options unless the
	packet has to be forwarded. This means that most home users will not
	be affected by this vulnerability unless they have a service running
	behind the firewall that is enabled through port forwarding (e.g.
	FTP, HTTP).
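
	The advisory does not say which malformed options trigger the crash, so the following added example (not code from KPMG or WatchGuard) shows the general defensive check a forwarding path can apply first: validating an IPv4 header's options area against the RFC 791 length and pointer rules before anything walks it. The function name and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Strict IPv4 options check per RFC 791. Returns 0 if well formed, -1 if not.
 * The function name and buffer interface are hypothetical. */
int ipv4_options_valid(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* header length in bytes */
    if (ihl < 20 || ihl > len)
        return -1;
    for (size_t i = 20; i < ihl; ) {
        uint8_t type = pkt[i];
        if (type == 0) break;                      /* End of Option List */
        if (type == 1) { i++; continue; }          /* No Operation */
        if (ihl - i < 2) return -1;                /* length octet missing */
        uint8_t olen = pkt[i + 1];
        if (olen < 2 || (size_t)olen > ihl - i)    /* would stall or overrun */
            return -1;
        if (type == 7 || type == 131 || type == 137) {  /* RR, LSRR, SSRR */
            if (olen < 3 || pkt[i + 2] < 4) return -1;  /* pointer minimum is 4 */
        } else if (type == 68) {                        /* Timestamp */
            if (olen < 4 || pkt[i + 2] < 5) return -1;  /* pointer minimum is 5 */
        }
        i += olen;
    }
    return 0;
}

/* Constructed 24-byte headers (IHL = 6); only the four option bytes differ. */
#define HDR(a, b, c, d) { 0x46, 0, 0, 24, 0, 0, 0, 0, 64, 6, 0, 0, \
                          192, 0, 2, 1, 192, 0, 2, 2, a, b, c, d }
const uint8_t hdr_nop_eol[24]  = HDR(1, 1, 1, 0);   /* NOP NOP NOP EOL */
const uint8_t hdr_rr_ok[24]    = HDR(7, 3, 4, 0);   /* empty Record Route */
const uint8_t hdr_zero_len[24] = HDR(7, 0, 4, 0);   /* option length 0 */
const uint8_t hdr_overrun[24]  = HDR(7, 39, 4, 0);  /* length past header end */
const uint8_t hdr_bad_ptr[24]  = HDR(7, 3, 1, 0);   /* pointer below minimum */

int main(void)
{
    printf("nop_eol=%d rr_ok=%d zero_len=%d overrun=%d bad_ptr=%d\n",
           ipv4_options_valid(hdr_nop_eol, 24), ipv4_options_valid(hdr_rr_ok, 24),
           ipv4_options_valid(hdr_zero_len, 24), ipv4_options_valid(hdr_overrun, 24),
           ipv4_options_valid(hdr_bad_ptr, 24));
    return 0;
}
```
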

SOLUTION

	Install the latest firmware, 5.0.35, to correct the problem.
