COMMAND

    FW-1

SYSTEMS AFFECTED

    Those using FW-1

PROBLEM

    Malikai found  following.   There is  a known  bug with FireWall-1
    relating to any (presumably)  udp packet destined to  any (through
    the vpn)  host at  port 0.   This bug  was identified  by someone,
    however since it has not yet been disclosed.  This issue is  valid
    for  (to  knowledge)  any  flavor  of encryption (DES, 3DES, FWZ1,
    ISAKMP, etc.).   ISAKMP encapsulation is  the only one  vulnerable
    to this attack.  It will reboot a solaris machine when exploited.

SOLUTION

    Yet to be fixed.