From: CERT Advisory (cert-advisory@cert.org)
Date: Thu Sep 06 2001 - 18:34:17 CDT

    -----BEGIN PGP SIGNED MESSAGE-----

    CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
    intruders to execute arbitrary code

       Original release date: September 06, 2001
       Last revised: --
       Source: CERT/CC

       A complete revision history can be found at the end of this file.

    Systems Affected

      * Systems running the following products that use Gauntlet Firewall

         * Gauntlet for Unix versions 5.x
         * PGP e-ppliance 300 series version 1.0
         * McAfee e-ppliance 100 and 120 series
         * Gauntlet for Unix version 6.0
         * PGP e-ppliance 300 series versions 1.5, 2.0
         * PGP e-ppliance 1000 series versions 1.5, 2.0
         * McAfee WebShield for Solaris v4.1

    Overview

       A remotely exploitable buffer overflow vulnerability exists in
       Gauntlet Firewall by PGP Security.

    I. Description

       The buffer overflow occurs in the smap/smapd and CSMAP daemons.
       According to PGP Security, these daemons are responsible for
       handling email transactions for both inbound and outbound email.

       On September 04, 2001, PGP Security released a security bulletin
       and patches for this vulnerability. For more information, please
       see

              http://www.pgp.com/support/product-advisories/csmap.asp
              http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
              http://www.kb.cert.org/vuls/id/206723

    II. Impact

       An intruder can execute arbitrary code with the privileges of the
       corresponding daemon. Additionally, firewalls often have trust
       relationships with other network devices. An intruder who
       compromises a firewall may be able to leverage this trust to
       compromise other devices on the network or to make changes to the
       network configuration.

    III. Solution

    Apply a patch

       Appendix A contains information provided by vendors for this
       advisory. We will update the appendix as we receive more
       information. If you do not see your vendor's name, the CERT/CC did
       not hear from that vendor. Please contact your vendor directly.

    Appendix A. - Vendor Information

       This appendix contains information provided by vendors for this
       advisory. When vendors report new information to the CERT/CC, we
       update this section and note the changes in our revision
       history. If a particular vendor is not listed below, we have not
       received their comments.

    Network Associates, Inc.

       PGP Security has published a security advisory describing this
       vulnerability as well as patches. This is available from

              http://www.pgp.com/support/product-advisories/csmap.asp
              http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp

    References

        1. http://www.pgp.com/support/product-advisories/csmap.asp
        2. http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
        3. http://www.kb.cert.org/vuls/id/206723
         _________________________________________________________________

       The CERT Coordination Center thanks PGP Security for their
       advisory, on which this document is based.
       _________________________________________________________________

       Feedback on this document can be directed to the author, Ian A. Finlay.
       ______________________________________________________________________

       This document is available from:
       http://www.cert.org/advisories/CA-2001-25.html
       ______________________________________________________________________

    CERT/CC Contact Information

       Email: cert@cert.org
       Phone: +1 412-268-7090 (24-hour hotline)
       Fax: +1 412-268-6989
       Postal address:
              CERT Coordination Center
              Software Engineering Institute
              Carnegie Mellon University
              Pittsburgh PA 15213-3890
              U.S.A.

       CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
       EDT(GMT-4) Monday through Friday; they are on call for emergencies
       during other hours, on U.S. holidays, and on weekends.

        Using encryption

       We strongly urge you to encrypt sensitive information sent by
       email. Our public PGP key is available from

       http://www.cert.org/CERT_PGP.key

       If you prefer to use DES, please call the CERT hotline for more
       information.

        Getting security information

       CERT publications and other security information are available from
       our web site

       http://www.cert.org/

       To subscribe to the CERT mailing list for advisories and bulletins,
       send email to majordomo@cert.org. Please include in the body of
       your message

       subscribe cert-advisory

       * "CERT" and "CERT Coordination Center" are registered in the U.S.
       Patent and Trademark Office.
       ______________________________________________________________________

       NO WARRANTY

       Any material furnished by Carnegie Mellon University and the
       Software Engineering Institute is furnished on an "as is"
       basis. Carnegie Mellon University makes no warranties of any kind,
       either expressed or implied as to any matter including, but not
       limited to, warranty of fitness for a particular purpose or
       merchantability, exclusivity or results obtained from use of the
       material. Carnegie Mellon University does not make any warranty of
       any kind with respect to freedom from patent, trademark, or
       copyright infringement.
       _________________________________________________________________

       Conditions for use, disclaimers, and sponsorship information

       Copyright 2001 Carnegie Mellon University.

       Revision History
       September 06, 2001: Initial release

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 5.0i for non-commercial use
    Charset: noconv

    -----END PGP SIGNATURE-----