[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Watchguard Firebox Authentication DoS

Title: Watchguard Firebox Authentication DoS
Released by: Vigilante
Date: 15th August 2000
Printable version: Click here
Watchguard Firebox Authentication DoS



Advisory Code:   VIGILANTE-2000005



Release Date:

August 15, 2000



Systems Affected:

Tested on the newest version of the Watchguard Firebox II (that was on the

22nd of June), but it is very likely that this bug exists in all prior

versions that include the authentication service (TCP port 4100).



THE PROBLEM

Sending a malformed URL to the authentication service running on TCP port

4100, causes it to shut down and requires a reboot of the Watchguard for it

to work again.



Vendor Status:

Vendor was informed of the problem, and have been very cooperative in

getting a patch developed for the problem. According to the vendor the

problem is not caused by a buffer overflow.



Fix (quote from the vendor):

"all current WatchGuard LiveSecurity Subscribers have been

sent the Service Pack that addresses this issue.  Copies of this

Service Pack can be downloaded from the WatchGuard LiveSecurity

Archive.  To log into the archive, go to

http://www.watchguard.com/support.  A work around that addresses the

vulnerability from the external interface is to disable Authentication

to the Firebox from the external interface.  Upstream routers can also

be used to control access to this service if access to the

Authentication applet is required from the external interface and you

do  not wish to install the patch.  For obvious reasons, these are

sub-optimal solutions."



Vendor   URL: http://www.watchguard.com

Product  URL: http://www.watchguard.com/products/fIImss.asp



Copyright VIGILANTe 2000-08-15



Disclaimer:

The information within this document may change without notice. Use of

this information constitutes acceptance for use in an AS IS

condition. There are NO warranties with regard to this information.

In no event shall the author be liable for any consequences whatsoever

arising out of or in connection with the use or spread of this

information. Any use of this information lays within the user's

responsibility.



Feedback:

Please send suggestions, updates, and comments to:



VIGILANTe

mailto: info@vigilante.com

http://www.vigilante.com










(C) 1999-2000 All rights reserved.