Global Technology Associates Information for VU#459371

Multiple IPsec implementations do not adequately validate authentication data

Status

Affected

Vendor Statement

After analyzing the IPSec issue described in VU#459371 Global Technology Associates, Inc. has determined that GTA firewall products running GNAT Box system software version prior to version 3.3.1 are vulnerable to this attack. GTA has released system software updates to correct this vulnerability.

For users with systems running GNAT Box system software version 3.3.0 a system software update version 3.3.1 is available from GTA's Online Support Center.
For users with systems running GNAT Box system software version 3.2.x a system software update version 3.2.6 is available from GTA's Online Support Center.
For users with systems running GNAT Box system software version 3.1.x or earlier no software update is available. Users should either upgrade to version 3.3.1 or add Remote Access filters to restrict access to designated remote VPN gateways.

To report potential security vulnerabilities in GTA products, send an E-mail message to: security-alert@gta.com.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.