IBM Information for VU#328867

Multiple vendors' firewalls do not adequately keep state of FTP traffic

Status

Not Affected

Vendor Statement

The vulnerability that is being referred, is for the firewalls that monitor the application layer data and open the ports. In IBM Firewall's Dynamic PASV ftp, the filter rules for data connections are activated dynamically by monitoring the ftp control connection. The activation of these rules is state based, where in the filter rule needed for a data connection is opened only after the "PASV ----> 227........" handshake completes between the end points. That is, firewall considers "227 ..." reply to a ftp client as valid, only after the corresponding "PASV" command from that ftp client is observed. So, I think IBM-SecureWay firewall is not vulnerable to the attack being referred.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.