Sun Microsystems, Inc. Information for VU#464113
TCP/IP implementations handle unusual flag combinations inconsistently
+ Solaris is not vulnerable to this issue.
+ The SunScreen Firewall products only pass packets with the SYN bit set to a host that it has been configured to allow a connection to. Setting extra bits in a packet will not change this behaviour. In addition, the SunScreen TCP state engine will check that the following conform to RFC 793 before passing them:
* Packets in the three-way handshake.
* Packets with FIN bit set.
* Packets with RST bit set.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.