-----BEGIN
PGP SIGNED MESSAGE-----
CERT Advisory
CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
intruders to execute arbitrary code
Original
release date: September 06, 2001
Last revised: --
Source: CERT/CC
A complete
revision history can be found at the end of this file.
Systems
Affected
* Systems
running the following products that use Gauntlet Firewall
* Gauntlet
for Unix versions 5.x
* PGP e-ppliance 300 series version 1.0
* McAfee e-ppliance 100 and 120 series
* Gauntlet for Unix version 6.0
* PGP e-ppliance 300 series versions 1.5, 2.0
* PGP e-ppliance 1000 series versions 1.5, 2.0
* McAfee WebShield for Solaris v4.1
Overview
A vulnerability
for a remotely exploitable buffer overflow exists
in Gauntlet Firewall by PGP Security.
I. Description
The buffer
overflow occurs in the smap/smapd and CSMAP daemons.
According to PGP Security, these daemons are responsible for
handling email transactions for both inbound and outbound email.
On September
04, 2001, PGP Security released a security bulletin
and patches for this vulnerability. For more information, please
see
http://www.pgp.com/support/product-advisories/csmap.asp
http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
http://www.kb.cert.org/vuls/id/206723
II. Impact
An intruder
can execute arbitrary code with the privileges of the
corresponding daemon. Additionally, firewalls often have trust
relationships with other network devices. An intruder who
compromises a firewall may be able to leverage this trust to
compromise other devices on the network or to make changes to the
network configuration.
III. Solution
Apply a
patch
Appendix
A contains information provided by vendors for this
advisory. We will update the appendix as we receive more
information. If you do not see your vendor's name, the CERT/CC did
not hear from that vendor. Please contact your vendor directly.
Appendix
A. - Vendor Information
This appendix
contains information provided by vendors for this
advisory. When vendors report new information to the CERT/CC, we
update this section and note the changes in our revision
history. If a particular vendor is not listed below, we have not
received their comments.
Network
Associates, Inc.
PGP Security
has published a security advisory describing this
vulnerability as well as patches. This is available from
http://www.pgp.com/support/product-advisories/csmap.asp
http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
References
1. http://www.pgp.com/support/product-advisories/csmap.asp
2. http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
3. http://www.kb.cert.org/vuls/id/206723
_________________________________________________________________
The CERT
Coordination Center thanks PGP Security for their
advisory, on which this document is based.
_________________________________________________________________
Feedback
on this document can be directed to the author, Ian A. Finlay.
______________________________________________________________________
This document
is available from:
http://www.cert.org/advisories/CA-2001-25.html
______________________________________________________________________
CERT/CC
Contact Information
Email:
cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.
CERT/CC
personnel answer the hotline 08:00-17:00 EST(GMT-5) /
EDT(GMT-4) Monday through Friday; they are on call for emergencies
during other hours, on U.S. holidays, and on weekends.
Using
encryption
We strongly
urge you to encrypt sensitive information sent by
email. Our public PGP key is available from
http://www.cert.org/CERT_PGP.key
If you
prefer to use DES, please call the CERT hotline for more
information.
Getting
security information
CERT publications
and other security information are available from
our web site
http://www.cert.org/
To subscribe
to the CERT mailing list for advisories and bulletins,
send email to majordomo@cert.org. Please include in the body of
your message
subscribe
cert-advisory
* "CERT"
and "CERT Coordination Center" are registered in the U.S.
Patent and Trademark Office.
______________________________________________________________________
NO WARRANTY
Any material
furnished by Carnegie Mellon University and the
Software Engineering Institute is furnished on an "as is"
basis. Carnegie Mellon University makes no warranties of any kind,
either expressed or implied as to any matter including, but not
limited to, warranty of fitness for a particular purpose or
merchantability, exclusivity or results obtained from use of the
material. Carnegie Mellon University does not make any warranty of
any kind with respect to freedom from patent, trademark, or
copyright infringement.
_________________________________________________________________
Conditions
for use, disclaimers, and sponsorship information
Copyright
2001 Carnegie Mellon University.
Revision
History
September 06, 2001: Initial release
-----BEGIN
PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQCVAwUBO5gEwAYcfu8gsZJZAQEcjAP+PciEp6xeIK+dGr8Hazin4sXDP9KDYfus
FGN38fqzRZhNfA6ReO/9bbQp7pvuijcVB0F9BasNZc3HPTnxFpWaguqgWfNnihnB
+JZHzQ4HaK0tLWT4rcorfu7U5sdXz3zHPHkdPX8B4ael0h6XJ9hJ6rq6PMIDww+P
DQbVFE886v4=
=wcI5
-----END PGP SIGNATURE-----
