ZyXEL ZyWALL Malformed ARP Packet DoS

2002-03-11T00:00:00
ID OSVDB:9981
Type osvdb
Reporter Knud Erik Højgaard(knud@cybercity.dk)
Modified 2002-03-11T00:00:00

Description

Vulnerability Description

ZyXEL ZyWALL 10 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker send a malformed ARP packet with an invalid MAC address and the IP address of the device, and will result in loss of availability for the LAN connection. The device must be restarted to regain normal functionality.

Solution Description

Upgrade to version 3.50(WA.2) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

ZyXEL ZyWALL 10 contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker send a malformed ARP packet with an invalid MAC address and the IP address of the device, and will result in loss of availability for the LAN connection. The device must be restarted to regain normal functionality.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-03/0122.html ISS X-Force ID: 8436 CVE-2002-0438 Bugtraq ID: 4272