COMMAND

    FireBox

SYSTEMS AFFECTED

    Watchguard Firebox

PROBLEM

    Following is based on VIGILANTE-2000005 Security Advisory.  Tested
    on the newest  version of the  Watchguard Firebox II  (that was on
    the 22nd of June 2000), but it is very likely that this bug exists
    in all prior versions that include the authentication service (TCP
    port 4100).

    Sending a malformed URL  to the authentication service  running on
    TCP port 4100,  causes it to  shut down and  requires a reboot  of
    the Watchguard for it to work again.

SOLUTION

    Vendor was informed of the problem, and have been very cooperative
    in getting a  patch developed for  the problem.   According to the
    vendor the problem is not caused by a buffer overflow.  Fix (quote
    from the vendor): "all current WatchGuard LiveSecurity Subscribers
    have been sent the Service Pack that addresses this issue.  Copies
    of  this  Service  Pack  can  be  downloaded  from  the WatchGuard
    LiveSecurity Archive.

    A work around that  addresses the vulnerability from  the external
    interface is  to disable  Authentication to  the Firebox  from the
    external interface.  Upstream routers can also be used to  control
    access to this service if  access to the Authentication applet  is
    required  from  the  external  interface  and  you do  not wish to
    install the  patch.   For obvious  reasons, these  are sub-optimal
    solutions."