|
Vulnerability FireBox Affected Watchguard Firebox Description Following is based on VIGILANTE-2000005 Security Advisory. Tested on the newest version of the Watchguard Firebox II (that was on the 22nd of June 2000), but it is very likely that this bug exists in all prior versions that include the authentication service (TCP port 4100). Sending a malformed URL to the authentication service running on TCP port 4100, causes it to shut down and requires a reboot of the Watchguard for it to work again. Solution Vendor was informed of the problem, and have been very cooperative in getting a patch developed for the problem. According to the vendor the problem is not caused by a buffer overflow. Fix (quote from the vendor): "all current WatchGuard LiveSecurity Subscribers have been sent the Service Pack that addresses this issue. Copies of this Service Pack can be downloaded from the WatchGuard LiveSecurity Archive. A work around that addresses the vulnerability from the external interface is to disable Authentication to the Firebox from the external interface. Upstream routers can also be used to control access to this service if access to the Authentication applet is required from the external interface and you do not wish to install the patch. For obvious reasons, these are sub-optimal solutions."