WatchGuard SOHO Firewall fragmented IP packet attack
| watchguard-soho-fragmented-packets (5749) |  Medium Risk |
Description:
WatchGuard SOHO Firewall is vulnerable to a denial of service attack, caused by a fragmented IP packet attack. A remote attacker can send a large volume of fragmented IP packets directed at the firewall to exhause the device's resources and cause the firewall to stop forwarding packets between interfaces and drop all connections. The firewall must be rebooted to regain normal functionality.
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of WatchGuard SOHO firmware (2.2.1 or later), available from the WatchGuard Technologies Web site. See References.
References:
- BugTraq Mailing List, Wed Dec 13 2000 - 17:41:50 CST: Multiple vulnerabilities in the WatchGuard SOHO Firewall.
- Internet Security Systems Security Alert #70: Multiple vulnerabilities in the WatchGuard SOHO Firewall.
- WatchGuard Technologies Web site: WatchGuard SOHO Firewall Software Updates.
- BID-2113: Watchguard SOHO Firewall Fragmented IP Packet DoS Vulnerability
- CVE-2000-0896: WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.
- OSVDB ID: 1690: WatchGuard Firebox SOHO Fragmented IP Packet DoS
Platforms Affected:
- WatchGuard WatchGuard SOHO 1.6.x
- WatchGuard WatchGuard SOHO 2.1.3 and prior
Reported:
Dec 14, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net