KPMG-2002007: Watchguard SOHO Denial of Service

["Andreas Sandor" <asandor () kpmg dk>]

--------------------------------------------------------------------
                -=>Watchguard SOHO Denial of Service<=- 
                    Brought to you by KPMG Denmark
BUG-ID: 2002007                             Released: 08th apr, 2002
-------------------------------------------------------------------- 
Problem: 
======== 
Sending TCP traffic with bad IP options through the firewall makes it 
crash and reboot.


Vulnerable: 
=========== 
- All versions prior to 5.0.35

Details: 
======== 
When the Watchguard Soho firewall attempts to parse packets with
certain malformed IP options, it will cause the firewall to crash
and reboot. This will effectively drop the current connections,
including the ones established through built-in VPN.

The Watchguard Soho firewall does not perform parsing of IP options
unless the packet has to be forwarded. This means that most home
users will not be affected by this vulnerability, unless they have
a service running behind the firewall, that is enabled through port-
forwarding (eg. FTP, HTTP).


Vendor URL: 
=========== 
You can visit the vendors webpage here: http://www.watchguard.com

Vendor response: 
================ 
The vendor was contacted on the 20th of March, 2002 regarding this 
issue and a fix was announced on the 6th of April, 2002. 

Corrective action: 
================== 
Install the latest firmware, 5.0.35 to correct the problem.

Author: Andreas Sandor (asandor () kpmg dk) 
--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------