Trend Micro Information for VU#464113
TCP/IP implementations handle unusual flag combinations inconsistently
- Vendor Information Help Date Notified: 23 Oct 2002
- Statement Date: 28 Oct 2002
- Date Updated: 29 Oct 2002
TrendMicro has been aware for some time of the potential problems that this TCP-Flag combination issue contains. TrendMicro has two products which make use of the network-layer, where these flags are used to identify the current session status. These products are GateLock <http://www.gatelockglobal.com> and PC-cillin <http://www.pccillin.com>. Neither product is affected.
PC-cillin is an antivirus and antihacker security solution for computers and PDAs. It includes a personal firewall. This firewall does not pass through undefined SYN,FIN combination packets to the protected local services/ports.
TrendMicro GateLock is an all-in-one, plug-and-play Internet appliance designed for home and SOHO networks that uses a broadband connection. This appliance includes a stateful inspection firewall which does not allow the establishment of a session to the protected hosts in case of a SYN,FIN combination packet.
All other TrendMicro gateway products are categorized as application-level firewalls. These products running in the application-layer. The underlaying OS is responsible for the three-way handshake.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.