CVE-2001-1431

Name of the Vulnerable Software and Affected Versions Nokia Firewall Appliances versions 3.3 through 3.4.1 with specific VPN-1/FireWall-1 service packs

Description The issue concerns the improper rewriting of the third packet of a TCP three-way handshake when SYN Defender is configured in Active Gateway mode. This allows remote attackers to gain sensitive information.

Recommendations For Nokia Firewall Appliances version 3.3 with VPN-1/FireWall-1 4.1 Service Pack 3, update to a version with the corrected SYN Defender configuration. For Nokia Firewall Appliances version 3.4 with VPN-1/FireWall-1 4.1 Service Pack 4, update to a version with the corrected SYN Defender configuration. For Nokia Firewall Appliances version 3.4 or 3.4.1 with VPN-1/FireWall-1 4.1 Service Pack 5, update to a version with the corrected SYN Defender configuration. As a temporary workaround, consider disabling SYN Defender in Active Gateway mode until a patch is available.