WatchGuard Firebox ICMP Processing Errors Let Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1013698
|
|
SecurityTracker URL: http://securitytracker.com/id?1013698
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Apr 13 2005
|
Impact: Denial of service via network
|
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in the WatchGuard Firebox firewalls in the processing of ICMP messages. A remote user can cause denial of service conditions.
A remote user can send specially crafted ICMP packets to the target firewall to cause denial of service conditions. TCP sessions
which originate from or terminate on the firewall or which pass through the firewall can be reset by a remote user if the remote
user can guess the source and destination address and port combinations for that session.
This type of vulnerability was described
by Fernando Gont in the Internet Draft "ICMP attacks against TCP" (http://www.ietf.org/internet-drafts/draft-gont-tcpm-icmp-attacks-03.txt).
|
Impact: A remote user can cause TCP sessions passed through or processed by the device to be terminated.
|
Solution: No solution was available at the time of this entry.
The vendor plans to issue fixes as part of previously scheduled software releases in the Q2-Q3 2005 time frame.
|
Vendor URL: www.watchguard.com/ (Links to External Site)
|
Cause: State error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 13 Apr 2005 16:46:44 -0400
Subject: [none]
|
US-CERT reports that WatchGuard firewalls are affected by the recently reported ICMP
denial of service vulnerabilities.
TCP sessions which originate from or terminate on the firewall or which pass through
the firewall can be reset by a remote user if the remote user can guess the source and
destination address and port combinations for that session.
The vendor plans to issue fixes as part of previously scheduled software releases
in the Q2-Q3 2005 time frame.
|
|
