You are hereWatchguard Hotfix Addresses SSL Vulnerability Affecting Fireware Users

Watchguard Hotfix Addresses SSL Vulnerability Affecting Fireware Users

By chri - Posted on 19 May 2008

From here: https://www.watchguard.com/archive/showhtml.asp?pack=70113 (you probably need a login to see this page)
Together with Watchguard we took the decision not to make a full-disclosure with all the details of the leak and exploit. Why? Well it will take some time before all the customers move away from their v10.0 version and publishing the full details would not be a good idea for both Watchguard and the customers.


10.1.1 Hotfix Addresses SSL Vulnerability Affecting Fireware Users

Severity: High

11 May, 2008

Summary:

WatchGuard's implementation of Mobile VPN with SSL in Fireware 10.1 and previous versions is vulnerable to a serious attack. Successful exploitation of this vulnerability leads to the disclosure of information about the state of the Firebox. The hotfix (10.1.1) to Fireware fixes this vulnerability. WatchGuard strongly advises customers using Mobile VPN with SSL to install this hotfix immediately.

FAQ:

Are WatchGuard's other SSL-capable products affected?

No. The WatchGuard SSL 500 and SSL 1000 products, the Firebox SSL Core gateway, and the mobile user VPN with SSL on Firebox X Edge products are not affected by this vulnerability.

What exactly is the vulnerability?

This is an information disclosure vulnerability; an attacker could gain information not otherwise available about the Firebox. This vulnerability is present in Firebox Core and Peak class devices running Fireware 10.1 and previous versions. It is NOT present in Firebox Edge class devices.

How serious is the vulnerability?

It is quite serious. Successful exploitation would yield significant information about the state of the Firebox. While the attacker would not gain control of the Firebox via this vulnerability, he would learn a great deal about how the Firebox works.

Other than installing the hotfix, is there a workaround?

Yes. We recommend that you disable Mobile VPN with SSL until you have installed the patch. WatchGuard's other Mobile VPN options (IPSec and PPTP) are unaffected by these vulnerabilities, and may be an appropriate substitute for Mobile VPN with SSL.

Where can I go to get the hotfix?

The hotfix is currently available via the software download center on WatchGuard's web site.

Is 10.1.1 a replacement for for 10.1?

Yes, 10.1.1 supersedes 10.1. Consequently, we have removed 10.1 from the software download center.

How was this vulnerability discovered?

This vulnerability was discovered by Christophe Vandeplas and confidentially reported to WatchGuard. We would like to publicly thank Mr. Vandeplas for working with us to keep our customers secure.

Do you have any indication that is it being exploited in the wild?

No, at this time we have no indication that the vulnerability is being exploited in the wild.


Tags
THX, Christophe!
Submitted by editor (not verified) on Tue, 05/27/2008 - 17:09.
THX, Christophe!

I Love Belgium... and you?

About Me
GnuPG Public Key Still More LinkedIn profile
Photos
Projects
WeIDS 2.0 Linux Lessons WiFi Auth Project
Documentation
Acer Aspire 2012 WLMi Acer TM 4002 WLMi IR-receiver (Win)(NL)
Links
Ubuntu Belgium Planet Grep
FOSDEM Profoss hacker emblem www.cacert.org
Get OpenOffice Get Firefox Get Thunderbird
What is OpenID?