mailing list archives
Re: Possible WatchGuard Firebox II DoS
From: Steve Fallin <Steve.Fallin () WATCHGUARD COM>
Date: Fri, 17 Nov 2000 15:09:50 -0800
-----BEGIN PGP SIGNED MESSAGE-----
On November 16, Bugtraq received a report and exploit code of a Denial
of Service (DoS) attack against the WatchGuard LiveSecurity System.
WatchGuard contacted the author of the report, and has since confirmed
that the Firebox does not properly handle resource exhaustion of some
proxied services (including FTP). Such a DoS may render some functions
of the firewall inoperable until it is rebooted. The DoS does not,
however, cause a security breach. Also, packet filtered traffic is
WatchGuard is currently testing a fix. The fix is expected to be
available early in the week of November 20th.
When the fix is published, current subscribers to our LiveSecurity
Service will receive a broadcast containing the fix and will be able
to download it from their personalized Web site at
https://www.watchguard.com/support. For more information on
WatchGuard's LiveSecurity Service, visit our Web site at
Director, Rapid Response Team
WatchGuard Technologies, Inc.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
-----END PGP SIGNATURE-----