发布时间 :2002-08-12 00:00:00
修订时间 :2008-09-05 16:28:15

[原文]Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options.

[CNNVD]WatchGuard SOHO畸形TCP包可导致拒绝服务攻击漏洞(CNNVD-200208-113)

        Watchguard SOHO防火墙是适用于家庭办公室/小型办公室用户的防火墙实现,内部支持VPN实现。运行在Windows操作系统平台下。
        Watchguard SOHO防火墙在对不正常类型的TCP包处理存在漏洞,可导致拒绝服务攻击。
        如果Watchguard SOHO防火墙开启了允许转发包的功能,攻击者可以构建畸形的IP选项包发送给Watchguard SOHO防火墙,防火墙由于解析不当就可以导致程序崩溃,重新启动。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  watchguard-soho-ipoptions-dos(8774)
(VENDOR_ADVISORY)  BUGTRAQ  20020408 KPMG-2002007: Watchguard SOHO Denial of Service
(UNKNOWN)  VULNWATCH  20020408 [VulnWatch] KPMG-2002007: Watchguard SOHO Denial of Service

- 漏洞信息

WatchGuard SOHO畸形TCP包可导致拒绝服务攻击漏洞
中危 其他
2002-08-12 00:00:00 2005-10-20 00:00:00
        Watchguard SOHO防火墙是适用于家庭办公室/小型办公室用户的防火墙实现,内部支持VPN实现。运行在Windows操作系统平台下。
        Watchguard SOHO防火墙在对不正常类型的TCP包处理存在漏洞,可导致拒绝服务攻击。
        如果Watchguard SOHO防火墙开启了允许转发包的功能,攻击者可以构建畸形的IP选项包发送给Watchguard SOHO防火墙,防火墙由于解析不当就可以导致程序崩溃,重新启动。

- 公告与补丁

        * 暂时没有合适的临时解决方法。

- 漏洞信息

WatchGuard Firebox SOHO Invalid IP Options DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

WatchGuard Firebox SOHO contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends IP packets with invalid IP options set which will crash the firewall resulting in a loss of availability.

- 时间线

2002-04-08 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 5.0.35 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

WatchGuard SOHO Firewall Malformed TCP Packet DoS Vulnerability
Failure to Handle Exceptional Conditions 4447
Yes No
2002-04-08 12:00:00 2009-07-11 11:56:00
Discovery is credited to Andreas Sandor <>.

- 受影响的程序版本

WatchGuard SOHO Firewall 5.0.31
WatchGuard SOHO Firewall 5.0.29
WatchGuard SOHO Firewall 5.0.28
WatchGuard SOHO Firewall 5.0.35

- 不受影响的程序版本

WatchGuard SOHO Firewall 5.0.35

- 漏洞讨论

WatchGuard SOHO Firewall is a firewall appliance intended for use by Home Office/Small Office users. It offers built-in VPN capabilities.

WatchGuard SOHO Firewall crashes when handling certain types of malformed TCP packets. Upon attempting to forward a packet with bad IP options, the firewall will crash and reboot. All current connections will drop when this occurs.

It should be noted that this is only an issue for packets that are forwarded by the firewall appliance.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: &lt;;.

- 解决方案

This issue has been addressed in version 5.0.35 of the firmware for the firewall product. Those affected by this vulnerability are advised to upgrade.

- 相关参考