From asandor@kpmg.dk Wed Apr 10 07:02:04 2002 From: Andreas Sandor To: Date: Mon, 8 Apr 2002 15:11:51 +0200 Subject: [VulnWatch] KPMG-2002007: Watchguard SOHO Denial of Service [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] -------------------------------------------------------------------- -=>Watchguard SOHO Denial of Service<=- Brought to you by KPMG Denmark BUG-ID: 2002007 Released: 08th apr, 2002 -------------------------------------------------------------------- Problem: ======== Sending TCP traffic with bad IP options through the firewall makes it crash and reboot. Vulnerable: =========== - All versions prior to 5.0.35 Details: ======== When the Watchguard Soho firewall attempts to parse packets with certain malformed IP options, it will cause the firewall to crash and reboot. This will effectively drop the current connections, including the ones established through built-in VPN. The Watchguard Soho firewall does not perform parsing of IP options unless the packet has to be forwarded. This means that most home users will not be affected by this vulnerability, unless they have a service running behind the firewall, that is enabled through port- forwarding (eg. FTP, HTTP). Vendor URL: =========== You can visit the vendors webpage here: http://www.watchguard.com Vendor response: ================ The vendor was contacted on the 20th of March, 2002 regarding this issue and a fix was announced on the 6th of April, 2002. Corrective action: ================== Install the latest firmware, 5.0.35 to correct the problem. Author: Andreas Sandor (asandor@kpmg.dk) -------------------------------------------------------------------- KPMG is not responsible for the misuse of the information we provide through our security advisories. These advisories are a service to the professional security community. In no event shall KPMG be lia- ble for any consequences whatsoever arising out of or in connection with the use or spread of this information. --------------------------------------------------------------------