Sun Microsystems, Inc. Information for VU#464113

TCP/IP implementations handle unusual flag combinations inconsistently

Status

Not Affected

Vendor Statement

+ Solaris is not vulnerable to this issue.
+ The SunScreen Firewall products only pass packets with the SYN bit set to a host that it has been configured to allow a connection to. Setting extra bits in a packet will not change this behaviour. In addition, the SunScreen TCP state engine will check that the following conform to RFC 793 before passing them:

    * Packets in the three-way handshake.
    * Packets with FIN bit set.
    * Packets with RST bit set.
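The rule in the vendor statement above, as an added example (not SunScreen code and not part of the CERT/CC record): a filter that decides on the SYN bit alone, next to one that only recognises a bare SYN. The allow-list, addresses, function names and the `TO_STATE_ENGINE` verdict are assumptions, and connection-state tracking is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_ACK = 0x10 };
enum verdict { DROP, PASS_NEW, TO_STATE_ENGINE };

/* Constructed allow-list of (destination IPv4, port) pairs; not from the page. */
struct rule { uint32_t dst_ip; uint16_t dst_port; };
static const struct rule allow[] = { { 0xC0000201u, 80 } };  /* 192.0.2.1:80 */

static int dst_allowed(uint32_t ip, uint16_t port)
{
    for (size_t i = 0; i < sizeof allow / sizeof allow[0]; i++)
        if (allow[i].dst_ip == ip && allow[i].dst_port == port)
            return 1;
    return 0;
}

/* Weak: only a bare SYN is treated as a connection request. */
static int is_request_exact(uint8_t flags) { return flags == TH_SYN; }

/* Robust: the SYN bit alone decides, whatever other bits are set. */
static int is_request_bit(uint8_t flags) { return (flags & TH_SYN) != 0; }

/* tcp points at a TCP header: destination port in bytes 2-3, flags in byte 13. */
static enum verdict classify(uint32_t dst_ip, const uint8_t *tcp, size_t len,
                             int (*is_request)(uint8_t))
{
    if (len < 20)
        return DROP;                     /* shorter than a minimal TCP header */
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]);
    uint8_t flags = tcp[13] & 0x3F;      /* URG ACK PSH RST SYN FIN */
    if (is_request(flags))
        return dst_allowed(dst_ip, dport) ? PASS_NEW : DROP;
    return TO_STATE_ENGINE;              /* must match a tracked connection */
}

int main(void)
{
    /* Constructed header: port 80, SYN+FIN, sent to 192.0.2.99 (no rule). */
    uint8_t h[20] = { [3] = 80, [12] = 0x50, [13] = TH_SYN | TH_FIN };
    printf("exact match: %d, SYN bit: %d\n",
           (int)classify(0xC0000263u, h, sizeof h, is_request_exact),
           (int)classify(0xC0000263u, h, sizeof h, is_request_bit));
    return 0;
}
```

With the exact-match test, the SYN+FIN segment is never checked against the allow-list; with the bit test it is dropped because no rule permits the destination.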

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.