Updated: June 03, 2003
Not Affected
Check Point Software does not and has never supported the Linux 2.0 kernel, thus no versions of Check Point products are affected by this advisory.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 03, 2003
Not Affected
Clavister Firewall: Not vulnerable. Clavister Firewall uses its own self-contained operating system and is, as such, not affected by Linux bugs. It can, however, protect vulnerable Linux machines by blocking ICMP errors and stripping the "Don't Fragment" bit of all packets that pass through it to avoid the Path MTU Discovery "black holes" that otherwise result from blocking ICMP errors.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 26, 2003
Not Affected
Fujitsu's UXP/V o.s. is not affected by the problem in VU#471084.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 11, 2003
Not Affected
NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 03, 2003
Not Affected
Ingrian Networks products are not vulnerable to VU#471084.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 03, 2003
Not Affected
NetScreen is not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 03, 2003
Not Affected
Novell has no products supported on the affected Linux kernel versions.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 26, 2003
Not Affected
The Sidewinder, Sidewinder G2, and Gauntlet firewalls are not based on Linux, and are thus not affected by this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 03, 2003
Not Affected
Stonesoft's StoneGate high availability firewall and VPN product does not use the vulnerable version of Linux kernel and is thus not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 03, 2003
Not Affected
Sun is not vulnerable to this issue. None of our currently supported products use the 2.0.x series of Linux kernels. All of our current products use the 2.2.x or 2.4.x series of kernels.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: June 03, 2003
Not Affected
We have evaluated our products and determined that none embeds or has dependencies on the vulnerable Linux kernel versions.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 14, 2003
Affected
We have done further analysis in conjunction w/ the reporter and have found the following. Our earlier tests conducted with a tool supplied by the reporter indicated that the information leak was limited to 18 bytes every 30 seconds. We have done further analysis in conjunction w/ the reporter using a different tool and have found the following: Each instance of an attack would generate a copy of whatever was in the affected buffer. Unless the size of the ICMP payload changes from request to request, it'll copy the same address in memory over and over again, sending out whatever happens to be in that buffer at that instant. In our testing we observed that much of the data being leaked is the same. As the size of the payload changes, so does the address range within this buffer that the vulnerability affects.
We expect to have the fix available to customers by August 6th through WatchGuard's regular software distribution channels.
Please direct any questions regarding this or any other security issue with WatchGuard products to steve.fallin@watchguard.com.
Steve Fallin
Director, Rapid Response Team
WatchGuard Technologies, Inc.
http://www.watchguard.com
mailto:steve.fallin@watchguard.com
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.