Clavister Information for VU#637934

TCP does not adequately validate segments before updating timestamp value

Status

Not Affected

Vendor Statement

Clavister Security Gateway is itself not vulnerable to this attack. It also has the ability to protect clients against these attacks by allowing the administrator to specify that timestamp options should be removed from TCP packets.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.