ZyXEL Information for VU#328867

Multiple vendors' firewalls do not adequately keep state of FTP traffic

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

It has been reported that the ZyXEL ZyWALL is not vulnerable, possibly if running firmware version 3.50 or higher.

This is a annoucement that our ZyWALL firewall series, including ZYWALL-1, ZyWALL-10, ZyWALL-50 and ZyWALL-100, are not vulnerable to the special FTP attack reported in CERT website (http://www.kb.cert.org/vuls/id/328867). ZyWALL firmware from day one v3.50 can prevent from this FTP vulnerability.

If you have feedback, comments, or additional information about this vulnerability, please send us email.