Vigilante Security Advisory - Watchguard Firebox Authentication dos vulnerability. Sending a malformed URL to tcp port 4100 causes Watchguard to shut down and require a reboot to restart. Fix available here.
14919ca4948fe3696698e353b783188ead84c819a08b964e581bbb6c4dfa3cc0Watchguard Firebox Authentication DoS
Advisory Code: VIGILANTE-2000005
Release Date:
August 15, 2000
Systems Affected:
Tested on the newest version of the Watchguard Firebox II (that was on the
22nd of June), but it is very likely that this bug exists in all prior
versions that include the authentication service (TCP port 4100).
THE PROBLEM
Sending a malformed URL to the authentication service running on TCP port
4100, causes it to shut down and requires a reboot of the Watchguard for it
to work again.
Vendor Status:
Vendor was informed of the problem, and have been very cooperative in
getting a patch developed for the problem. According to the vendor the
problem is not caused by a buffer overflow.
Fix (quote from the vendor):
"all current WatchGuard LiveSecurity Subscribers have been
sent the Service Pack that addresses this issue. Copies of this
Service Pack can be downloaded from the WatchGuard LiveSecurity
Archive. To log into the archive, go to
http://www.watchguard.com/support. A work around that addresses the
vulnerability from the external interface is to disable Authentication
to the Firebox from the external interface. Upstream routers can also
be used to control access to this service if access to the
Authentication applet is required from the external interface and you
do not wish to install the patch. For obvious reasons, these are
sub-optimal solutions."
Vendor URL: http://www.watchguard.com
Product URL: http://www.watchguard.com/products/fIImss.asp
Copyright VIGILANTe 2000-08-15
Disclaimer:
The information within this document may change without notice. Use of
this information constitutes acceptance for use in an AS IS
condition. There are NO warranties with regard to this information.
In no event shall the author be liable for any consequences whatsoever
arising out of or in connection with the use or spread of this
information. Any use of this information lays within the user's
responsibility.
Feedback:
Please send suggestions, updates, and comments to:
VIGILANTe
mailto: info@vigilante.com
http://www.vigilante.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed