Clavister Information for VU#412115

Network device drivers reuse old frame buffer data to pad packets

Status

Not Affected

Vendor Statement

Clavister Firewall: Not Vulnerable

All versions of Clavister Firewall explicitly fill frame paddings with zeroes above the driver level to avoid this problem. This prevents the firewall itself from becoming a source of information leaks, and also protects hosts that themselves are sources of information leaks.

This zero padding is done for all datagram types; IP as well as non-IP protocols like ARP.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.