Home | FAQ | Contact | Privacy Policy
US-CERT
Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information
 

 View Notes By
Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric

 Other Documents
Technical Alerts

Technical Bulletins

Alerts

Security Tips

Secure Computing Network Security Division Information for VU#739224

Date Notified:2007-04-16
Date Updated:
Status Summary:Vulnerable

Vendor Statement

Sidewinder G2 and Sidewinder 7.0 Firewall base system: Not Vulnerable

Sidewinder G2 and the Sidewinder 7.0 Firewall base system does not have any elements which could be bypassed by this attack.


Sidewinder 7.0 IPS premium feature: Vulnerable
By design, the Sidewinder 7's IPS subsystem detects attempts to use this evasion technique, as well as other evasive encodings, and will either block or audit as configured. However, due to a software issue this protection can be bypassed. A software update (Sidewinder 7.0.0.02.H02) was released on 7/3/07 to correct this flaw, and is available to all customers with a current support contract.

SnapGear: Vulnerable
SnapGear products at version 3.1.5 and earlier include a vulnerable version of Snort. This will be corrected in an upcoming release.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2008 by US-CERT, a government organization
Disclaimers and copyright information