Secure Computing Corporation Information for VU#328867

Multiple vendors' firewalls do not adequately keep state of FTP traffic

Status

Not Affected

Vendor Statement

This is the official Secure Computing response to CERT Vulnerability Note VU# 328867 "Multiple vendors' firewalls do not adequately keep state of FTP traffic."

GAUNTLET (tm) FIREWALL & VPN (5.X and 6.0)
Not vulnerable.

GAUNTLET E-PPLIANCE FIREWALL & VPN (EPL 1.X and 2.0)
Not vulnerable.

SIDEWINDER(tm) FIREWALL & VPN (all releases including SIDEWINDER APPLIANCE)
Not vulnerable.

Secure Computing's defense-in-depth architecture including the SecureOS(tm) operating system and application level proxies protect against this attack and another recent CERT vulnerability that affected lesser firewalls. Please see http://www.securecomputing.com/index.cfm?skey=232 for additional information.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.