Notified: January 10, 2003 Updated: January 16, 2003
Statement Date: January 10, 2003
Clavister Firewall: Not Vulnerable All versions of Clavister Firewall explicitly fill frame paddings with zeroes above the driver level to avoid this problem. This prevents the firewall itself from becoming a source of information leaks, and also protects hosts that themselves are sources of information leaks. This zero padding is done for all datagram types; IP as well as non-IP protocols like ARP.
We are not aware of further vendor information regarding this vulnerability.
The CERT/CC has no additional comments at this time.