Network Associates reports that their Gauntlet firewall contains a
buffer overflow that allows remote users to execute arbitrary code and
get user-level OS access on the firewall.

Read all about it:
http://www.pgp.com/support/product-advisories/csmap.asp

Here's a quick summary:

The buffer overflow reportedly exists in the smap/smapd and CSMAP
daemons. These daemons process SMTP-based e-mail transactions for both
inbound and outbound e-mail. A remote user can trigger the buffer
overflow and cause arbitrary shell commands to be executed on the
firewall with the privileges of the daemon. The exact method of doing
this was not disclosed :-)

The security flaw apparently affects several Network Associates
products.

The following products are reported to contain a vulnerability in the
smap/smapd module:

Gauntlet for Unix versions 5.x
PGP e-ppliance 300 series version 1.0
McAfee e-ppliance 100 and 120 series

The following products are reported to contain a vulnerability in CSMAP:

Gauntlet for Unix version 6.0
PGP e-ppliance 300 series versions 1.5, 2.0
PGP e-ppliance 1000 series versions 1.5, 2.0
McAfee WebShield for Solaris v4.1

NAI gives credit to Garrison Technologies, Inc. for the bug find.

This summary was taken from
http://www.securitytracker.com/alerts/2001/Sep/1002321.html, as the
vendor's actual bulletin is copyright, etc. ...

Stuart

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]