Novell has released BorderManager 3.7 SP2. This fixes issues, where some potentially could be security related.
Novell also reports that firewalls with logging enabled may not work properly after being stressed for a long period of time. This issue has NOT been fixed with SP2 and no further information is available.
The following issues could pose as security risks. This has not been confirmed, though.
Changes to ICMP Replay Attacks:
- Stateful filters no longer allow repeated reply ICMP error messages through the firewall.
Changes to FTP PASV Vulnerability:
- To prevent opening of FTP data ports due to error responses from the FTP server, set the following parameter:
SET FILTER FTP PASV attack = On
- Any user can view BorderManager logs from NwAdmin.
- CSATPXY.NLM abends due to illegal data.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com