9th Apr 2002 [SBWID-5252]
COMMAND
	WatchGuard Firewall SOHO denial of service using bad IP options
SYSTEMS AFFECTED
	All versions prior to 5.0.35
PROBLEM
	In KPMG security advisory KPMG-2002007, Andreas Sandor reported the
	following DoS in the WatchGuard Firewall SOHO
	[http://www.watchguard.com]:
	When the WatchGuard SOHO firewall attempts to parse packets with
	certain malformed IP options, it will cause the firewall to crash and
	reboot. This will effectively drop the current connections, including
	the ones established through built-in VPN.
	The WatchGuard SOHO firewall does not perform parsing of IP options
	unless the packet has to be forwarded. This means that most home users
	will not be affected by this vulnerability, unless they have a service
	running behind the firewall that is enabled through port-forwarding
	(e.g. FTP, HTTP).
SOLUTION
	Install the latest firmware, 5.0.35, to correct the problem.
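	The advisory does not say which malformed options trigger the crash. As an added example (not WatchGuard code and not taken from the KPMG advisory), the following shows the bounds checks RFC 791 implies for a forwarding path that walks IPv4 options; the function name, error codes and sample headers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { OPT_OK = 0, OPT_BAD_HEADER = -1, OPT_TRUNCATED = -2,
       OPT_BAD_LENGTH = -3, OPT_BAD_POINTER = -4 };

/* Check the options area of an IPv4 header in hdr[0..len) before use.
 * Returns OPT_OK or a negative code; never reads past the header. */
int ipv4_options_check(const uint8_t *hdr, size_t len)
{
    if (len < 20 || (hdr[0] >> 4) != 4) return OPT_BAD_HEADER;
    size_t ihl = (size_t)(hdr[0] & 0x0f) * 4;    /* header length, bytes */
    if (ihl < 20 || ihl > len)
        return OPT_BAD_HEADER;
    for (size_t i = 20; i < ihl; ) {
        uint8_t type = hdr[i];
        if (type == 0) return OPT_OK;            /* End of Option List */
        if (type == 1) { i++; continue; }        /* No Operation, 1 byte */
        if (i + 1 >= ihl)                        /* no room for length byte */
            return OPT_TRUNCATED;
        size_t optlen = hdr[i + 1];
        if (optlen < 2 || optlen > ihl - i)      /* would stall or overrun */
            return OPT_BAD_LENGTH;
        if (type == 7 || type == 131 || type == 137) {   /* RR, LSRR, SSRR */
            if (optlen < 3) return OPT_BAD_LENGTH;
            uint8_t ptr = hdr[i + 2];
            /* RFC 791: pointer >= 4; an unfilled area needs 4 free bytes */
            if (ptr < 4 || (ptr <= optlen && (size_t)ptr + 3 > optlen))
                return OPT_BAD_POINTER;
        }
        i += optlen;
    }
    return OPT_OK;
}

/* Constructed sample headers: checksum left zero, 192.0.2.0/24 addresses. */
#define REST 0, 0,28, 0,0, 0,0, 64, 6, 0,0, 192,0,2,1, 192,0,2,2
static const uint8_t ok_hdr[24]    = { 0x46, REST, 1, 1, 1, 0 };
static const uint8_t zero_len[24]  = { 0x46, REST, 7, 0, 0, 0 };
static const uint8_t overrun[24]   = { 0x46, REST, 7, 39, 4, 0 };
static const uint8_t cut_short[24] = { 0x46, REST, 1, 1, 1, 7 };
static const uint8_t bad_ptr[28]   = { 0x47, REST, 7, 7, 2, 0, 0, 0, 0, 0 };
int main(void)
{
    printf("%d %d %d %d %d\n", ipv4_options_check(ok_hdr, 24),
           ipv4_options_check(zero_len, 24), ipv4_options_check(overrun, 24),
           ipv4_options_check(cut_short, 24), ipv4_options_check(bad_ptr, 28));
    return 0;
}
```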