--------------------------------------------------------------------
Title: Watchguard Firebox Dynamic VPN Configuration Protocol DoS
BUG-ID: 2002030, Released: 9th Jul 2002
Authors: Andreas Sandor, Peter Gründl
--------------------------------------------------------------------
Problem:
========
A malicious user can crash the Dynamic VPN Configuration Protocol service
(DVCP) by sending a malformed packet to the listener service on TCP port
4110.
Vulnerable:
===========
- Watchguard Firebox firmware v5.x.x
Not Vulnerable:
===============
- Watchguard Firebox firmware v6.0.b1140
Product Description:
====================
Quoted from the vendor webpage:
"The WatchGuard® Firebox System is a powerful security solution that gives
small and medium sized businesses, central offices, and VPN hubs integrated
firewall protection and VPN support."
"About DVCP
DVCP is a WatchGuard client server protocol that securely transmits IPSec
VPN configuration information to WatchGuard Fireboxes. Network
administrators use WatchGuard software to define each configuration aspect
of the VPN, such as encryption algorithms and how often keys will be
negotiated, then the settings are stored on a centrally located DVCP
Server.When a Firebox is installed and initialized with software and
instructions, a software client on the Firebox contacts the central DVCP
server to obtain IPSec policy information using a secure protocol."
Details:
========
The DVCP service can be crashed using anywhere between 1 and 400 packets of
tab characters, followed by a CRLF. The firewall needs to be rebooted for
the DVCP service to function again.
Vendor URL:
===========
You can visit the vendor webpage here:
Vendor response:
================
The vendor was notified on the 8th of May, 2002. On the 23rd of May, 2002
the vendor notified us that the issue would be resolved in the next version
(6.x). On the 9th of July we verified that the problem was resolved in the
new firmware version.
Corrective action:
==================
Upgrade to firmware version 6.x, available at the livesecurity website. If
you are not a subscriber to the livesecurity service, please contact
Watchguard support further assistance.
Hope above info is useful.
It's not about whether you can do it or not, it's about HOW
OK, Let's Do It !!!![[pipe]](/data/assets/smilies/pipe.gif "[pipe] [pipe]")
jliu@Cipk.com
Title: Watchguard Firebox Dynamic VPN Configuration Protocol DoS
BUG-ID: 2002030, Released: 9th Jul 2002
Authors: Andreas Sandor, Peter Gründl
--------------------------------------------------------------------
Problem:
========
A malicious user can crash the Dynamic VPN Configuration Protocol service
(DVCP) by sending a malformed packet to the listener service on TCP port
4110.
Vulnerable:
===========
- Watchguard Firebox firmware v5.x.x
Not Vulnerable:
===============
- Watchguard Firebox firmware v6.0.b1140
Product Description:
====================
Quoted from the vendor webpage:
"The WatchGuard® Firebox System is a powerful security solution that gives
small and medium sized businesses, central offices, and VPN hubs integrated
firewall protection and VPN support."
"About DVCP
DVCP is a WatchGuard client server protocol that securely transmits IPSec
VPN configuration information to WatchGuard Fireboxes. Network
administrators use WatchGuard software to define each configuration aspect
of the VPN, such as encryption algorithms and how often keys will be
negotiated, then the settings are stored on a centrally located DVCP
Server.When a Firebox is installed and initialized with software and
instructions, a software client on the Firebox contacts the central DVCP
server to obtain IPSec policy information using a secure protocol."
Details:
========
The DVCP service can be crashed using anywhere between 1 and 400 packets of
tab characters, followed by a CRLF. The firewall needs to be rebooted for
the DVCP service to function again.
Vendor URL:
===========
You can visit the vendor webpage here:
Vendor response:
================
The vendor was notified on the 8th of May, 2002. On the 23rd of May, 2002
the vendor notified us that the issue would be resolved in the next version
(6.x). On the 9th of July we verified that the problem was resolved in the
new firmware version.
Corrective action:
==================
Upgrade to firmware version 6.x, available at the livesecurity website. If
you are not a subscriber to the livesecurity service, please contact
Watchguard support further assistance.
Hope above info is useful.
It's not about whether you can do it or not, it's about HOW
OK, Let's Do It !!!
jliu@Cipk.com
