Trend Micro Information for VU#464113

TCP/IP implementations handle unusual flag combinations inconsistently

Status

Not Affected

Vendor Statement

TrendMicro has been aware for some time of the potential problems that this TCP-Flag combination issue contains. TrendMicro has two products which make use of the network-layer, where these flags are used to identify the current session status. These products are GateLock <http://www.gatelockglobal.com> and PC-cillin <http://www.pccillin.com>. Neither product is affected.

PC-cillin is an antivirus and antihacker security solution for computers and PDAs. It includes a personal firewall. This firewall does not pass through undefined SYN,FIN combination packets to the protected local services/ports.

TrendMicro GateLock is an all-in-one, plug-and-play Internet appliance designed for home and SOHO networks that uses a broadband connection. This appliance includes a stateful inspection firewall which does not allow the establishment of a session to the protected hosts in case of a SYN,FIN combination packet.

All other TrendMicro gateway products are categorized as application-level firewalls. These products running in the application-layer. The underlaying OS is responsible for the three-way handshake.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.