Date: Wed, 22 Nov 2000 19:54:32 -0800
From: Steve Fallin <Steve.Fallin@WATCHGUARD.COM>
Subject: Re: Possible WatchGuard Firebox II DoS
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

November 22, 2000

On November 16, Bugtraq received a report and exploit code of a Denial of Service (DoS) attack against the WatchGuard LiveSecurity System (version 4.5 and previous). WatchGuard investigated the author's claim and verified the vulnerability. WatchGuard alerted all customers on November 17, noting that a fix would follow soon.

The supported fix is now available and has been broadcast to all current LiveSecurity Subscribers.

For more information please see https://www.watchguard.com/support/patches.html

Sincerely,

Steve Fallin
Director, Rapid Response Team
WatchGuard Technologies, Inc.

- -----Original Message-----
From: Steve Fallin
Sent: Friday, November 17, 2000 3:12 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: RE: Possible WatchGuard Firebox II DoS

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On November 16, Bugtraq received a report and exploit code of a Denial of Service (DoS) attack against the WatchGuard LiveSecurity System. WatchGuard contacted the author of the report, and has since confirmed that the Firebox does not properly handle resource exhaustion of some proxied services (including FTP). Such a DoS may render some functions of the firewall inoperable until it is rebooted. The DoS does not, however, cause a security breach. Also, packet filtered traffic is unaffected.

WatchGuard is currently testing a fix. The fix is expected to be available early in the week of November 20th. When the fix is published, current subscribers to our LiveSecurity Service will receive a broadcast containing the fix and will be able to download it from their personalized Web site at https://www.watchguard.com/support.

For more information on WatchGuard's LiveSecurity Service, visit our Web site at http://www.watchguard.com/products/wgls.html.

Sincerely,

Steve Fallin
Director, Rapid Response Team
WatchGuard Technologies, Inc.

- -----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2

iQA/AwUBOhW7O03Vi9lbkWzpEQLhMACgrD1YDcKkyY5SinmHsvsKaHws7xYAoMJp
UrUyqXk7TtoY2godaSn94rQw
=V1RE
- -----END PGP SIGNATURE-----

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2

iQA/AwUBOhyVbk3Vi9lbkWzpEQLf0wCfauoYHC9XAxZaORXaRza8N9S7qEYAn10B
0HnJdxYI+byfLnQ0qTucL3ph
=MSgn
-----END PGP SIGNATURE-----