[ SOURCE: http://www.secureroot.com/security/advisories/9665734024.html ] Watchguard Firebox Authentication DoS Advisory Code: VIGILANTE-2000005 Release Date: August 15, 2000 Systems Affected: Tested on the newest version of the Watchguard Firebox II (that was on the 22nd of June), but it is very likely that this bug exists in all prior versions that include the authentication service (TCP port 4100). THE PROBLEM Sending a malformed URL to the authentication service running on TCP port 4100, causes it to shut down and requires a reboot of the Watchguard for it to work again. Vendor Status: Vendor was informed of the problem, and have been very cooperative in getting a patch developed for the problem. According to the vendor the problem is not caused by a buffer overflow. Fix (quote from the vendor): "all current WatchGuard LiveSecurity Subscribers have been sent the Service Pack that addresses this issue. Copies of this Service Pack can be downloaded from the WatchGuard LiveSecurity Archive. To log into the archive, go to http://www.watchguard.com/support. A work around that addresses the vulnerability from the external interface is to disable Authentication to the Firebox from the external interface. Upstream routers can also be used to control access to this service if access to the Authentication applet is required from the external interface and you do not wish to install the patch. For obvious reasons, these are sub-optimal solutions." Vendor URL: http://www.watchguard.com Product URL: http://www.watchguard.com/products/fIImss.asp Copyright VIGILANTe 2000-08-15 Disclaimer: The information within this document may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any consequences whatsoever arising out of or in connection with the use or spread of this information. Any use of this information lays within the user's responsibility. Feedback: Please send suggestions, updates, and comments to: VIGILANTe mailto: info@vigilante.com http://www.vigilante.com