Watchguard SOHO remote denial of service vulnerability - All versions prior to v5.0.35 crash when tcp traffic with bad IP options are sent. The Watchguard Soho firewall does not perform parsing of IP options unless the packet has to be forwarded. This means that most home users will not be affected by this vulnerability, unless they have a service running behind the firewall, that is enabled through port- forwarding (eg. FTP, HTTP).
d4e57f6e99405813301b492710370b3c468cb976efffd0630b0f2a18edb29d82
--------------------------------------------------------------------
-=>Watchguard SOHO Denial of Service<=-
Brought to you by KPMG Denmark
BUG-ID: 2002007 Released: 08th apr, 2002
--------------------------------------------------------------------
Problem:
========
Sending TCP traffic with bad IP options through the firewall makes it
crash and reboot.
Vulnerable:
===========
- All versions prior to 5.0.35
Details:
========
When the Watchguard Soho firewall attempts to parse packets with
certain malformed IP options, it will cause the firewall to crash
and reboot. This will effectively drop the current connections,
including the ones established through built-in VPN.
The Watchguard Soho firewall does not perform parsing of IP options
unless the packet has to be forwarded. This means that most home
users will not be affected by this vulnerability, unless they have
a service running behind the firewall, that is enabled through port-
forwarding (eg. FTP, HTTP).
Vendor URL:
===========
You can visit the vendors webpage here: http://www.watchguard.com
Vendor response:
================
The vendor was contacted on the 20th of March, 2002 regarding this
issue and a fix was announced on the 6th of April, 2002.
Corrective action:
==================
Install the latest firmware, 5.0.35 to correct the problem.
Author: Andreas Sandor (asandor@kpmg.dk)
--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------