WatchGuard Information for VU#328867
Multiple vendors' firewalls do not adequately keep state of FTP traffic
- Vendor Information Help Date Notified:
- Statement Date:
- Date Updated: 10 Oct 2002
After analyzing the FTP issue described in VU#3328867, WatchGuard's Rapid Response team found that WatchGuard's Firebox Model II and III families of products are not affected. However, WatchGuard SOHO products running firmware v5.1.6 and earlier, as well as WatchGuard Vclass/RSSA products using v3.2 SP1 and earlier, are susceptible to this type of attack. WatchGuard has released patches for both the Vclass and SOHO products to correct this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.