Watchguard Firebox II FTP Proxy DoS Vulnerability
BID:1953
Info
| Bugtraq ID: | 1953 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 16 2000 12:00AM |
| Updated: | Nov 16 2000 12:00AM |
| Credit: | This vulnerability was first reported to Bugtraq by Raptor <[email protected]> on November 16, 2001. |
| Vulnerable: | WatchGuard Firebox II 4.5, WatchGuard Firebox II 4.1 |
| Not Vulnerable: | |
Discussion
The Watchguard Firebox II is a popular hardware-based firewall.
A vulnerability exists in the Firebox II that could allow a remote attacker to launch a denial-of-service attack against the FTP proxy of the firewall. If an attacker is able to connect to the FTP proxy and launch a connection flood, the proxy and the port the service is running on will hang and, in the process, shut down all other services on the firewall. After a successful attack, CPU utilization reaches 100% and the firewall has to be rebooted.
It should be noted that for an external attack to be successful, the FTP Proxy must be enabled on the untrusted interface (it is not enabled by default on the untrusted interface).
Exploit / POC
Please see discussion.
Solution / Fix
Solution:
Watchguard has issued a patch which addresses this vulnerability.
WatchGuard Firebox II 4.1
- Watchguard Hotfix112000LSS41.wls
  https://www.watchguard.com/docs/Hotfix112000LSS41.wls
WatchGuard Firebox II 4.5
- Watchguard Hotfix112000LSS45.wls
  https://www.watchguard.com/docs/Hotfix112000LSS45.wls
References
References:
- WatchGuard Customer Support (WatchGuard Technologies Inc.)