
WatchGuard Firebox SOHO denial of service using bad IP options
9th Apr 2002 [SBWID-5252]

	WatchGuard Firewall SOHO denial of service using bad IP options


	All versions prior to 5.0.35


	In KPMG security advisory KPMG-2002007, Andreas Sandor reported the
	following DoS in the WatchGuard Firewall SOHO:

	When the Watchguard Soho firewall attempts to parse packets with
	certain malformed IP options, it will cause the firewall to crash and
	reboot. This will effectively drop the current connections, including
	the ones established through built-in VPN.

	The Watchguard Soho firewall does not perform parsing of IP options
	unless the packet has to be forwarded. This means that most home users
	will not be affected by this vulnerability, unless they have a service
	running behind the firewall that is enabled through port-forwarding
	(e.g. FTP, HTTP).


	Install the latest firmware, 5.0.35, to correct the problem.
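
The advisory does not say which malformed options trigger the crash, so the following added example (not code from the advisory or from WatchGuard) shows only the general bounds checks a forwarding device or upstream filter needs when walking the IPv4 option list defined in RFC 791. The function name, status codes and sample headers are this example's own, the headers are constructed, and the header checksum is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum opt_status { OPT_OK, OPT_BAD_HEADER, OPT_TRUNCATED, OPT_BAD_LENGTH };

/* Walk the RFC 791 option list in the IPv4 header at buf[0..len) and
 * reject any length field that is below 2 or runs past the header. */
enum opt_status check_ipv4_options(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 20 || (buf[0] >> 4) != 4)
        return OPT_BAD_HEADER;
    size_t hlen = (size_t)(buf[0] & 0x0f) * 4;    /* IHL counts 32-bit words */
    if (hlen < 20)
        return OPT_BAD_HEADER;
    if (hlen > len)
        return OPT_TRUNCATED;
    for (size_t i = 20; i < hlen; ) {
        uint8_t type = buf[i];
        if (type == 0)                  /* End of Option List */
            break;
        if (type == 1) {                /* No-Operation: one byte, no length */
            i++;
            continue;
        }
        if (hlen - i < 2)               /* no room for the length byte */
            return OPT_BAD_LENGTH;
        uint8_t olen = buf[i + 1];
        if (olen < 2 || olen > hlen - i)    /* would stall or overrun */
            return OPT_BAD_LENGTH;
        i += olen;
    }
    return OPT_OK;
}

/* Constructed 24-byte headers (IHL = 6), differing only in the option bytes. */
#define HDR(a, b, c, d) { 0x46,0,0,24, 0,0,0,0, 64,6,0,0, 10,0,0,1, 10,0,0,2, a,b,c,d }
static const uint8_t sample_ok[24]      = HDR(1, 1, 1, 0);  /* NOP NOP NOP EOL */
static const uint8_t sample_zero[24]    = HDR(7, 0, 0, 0);  /* length field 0 */
static const uint8_t sample_overrun[24] = HDR(7, 40, 4, 0); /* length past header */

int main(void)
{
    printf("ok=%d zero=%d overrun=%d\n", (int)check_ipv4_options(sample_ok, 24),
           (int)check_ipv4_options(sample_zero, 24),
           (int)check_ipv4_options(sample_overrun, 24));
    return 0;
}
```

A filter that gets anything other than `OPT_OK` can drop the packet before it reaches a device still running firmware older than 5.0.35.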
