Original release date: September 06, 2001<BR>
Last revised: --<BR>
Source: CERT/CC<BR>
<P>A complete revision history can be found at the end of this file.</P>
<A NAME="affected"></A>
<H3>Systems Affected</H3>
<UL>
<LI>Systems running the following products that use Gauntlet Firewall
<UL>
<LI>Gauntlet for Unix versions 5.x</LI>
<LI>PGP e-ppliance 300 series version 1.0</LI>
<LI>McAfee e-ppliance 100 and 120 series</LI>
<LI>Gauntlet for Unix version 6.0</LI>
<LI>PGP e-ppliance 300 series versions 1.5, 2.0</LI>
<LI>PGP e-ppliance 1000 series versions 1.5, 2.0</LI>
<LI>McAfee WebShield for Solaris v4.1</LI>
</UL>
</LI>
</UL>
<br>
<A NAME="overview"></A>
<H2>Overview</H2>
<P>A remotely exploitable buffer overflow vulnerability exists in <a href="http://www.pgp.com/products/gauntlet/default.asp">Gauntlet Firewall</a> by <a href="http://www.pgp.com/default.asp">PGP Security</a>.</P>
<A NAME="description"></A>
<H2>I. Description</H2>
<P>The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound email.</P>
<p>On September 04, 2001, PGP Security released a security bulletin and patches for this vulnerability. For more information, please see</p>
<dl>
<dd> <A href="http://www.pgp.com/support/product-advisories/csmap.asp">http://www.pgp.com/support/product-advisories/csmap.asp</a> </dd>
<dd> <a href="http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp">http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp</a> </dd>
<dd> <a href="http://www.kb.cert.org/vuls/id/206723">http://www.kb.cert.org/vuls/id/206723</a> </dd>
</dl>
<A NAME="impact"></A>
<H2>II. Impact</H2>
<P>An intruder can execute arbitrary code with the privileges of the corresponding daemon. Additionally, firewalls often have trust relationships with other network devices.
An intruder who compromises a firewall may be able to leverage this trust to compromise other devices on the network or to make changes to the network configuration.</P>
<A NAME="solution"></A>
<H2>III. Solution</H2>
<H4>Apply a patch</H4>
<P>Appendix A contains information provided by vendors for this advisory. We will update the appendix as we receive more information. If you do not see your vendor's name, the CERT/CC did not hear from that vendor. Please contact your vendor directly.</P>
<A NAME="vendors"></A>
<H2>Appendix A. - Vendor Information</H2>
<P>This appendix contains information provided by vendors for this advisory. When vendors report new information to the CERT/CC, we update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.</P>
<!-- end vendor -->
<A NAME="nai"></A>
<H4>Network Associates, Inc.</H4>
<p>PGP Security has published a security advisory describing this vulnerability as well as patches.
This is available from</p>
<DL>
<DD> <A HREF="http://www.pgp.com/support/product-advisories/csmap.asp">http://www.pgp.com/support/product-advisories/csmap.asp</A> </DD>
<DD> <a href="http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp">http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp</a> </DD>
</DL>
<!-- end vendor -->
<h2>References</h2>
<ol>
<li><a href="http://www.pgp.com/support/product-advisories/csmap.asp">http://www.pgp.com/support/product-advisories/csmap.asp</a></li>
<li><a href="http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp">http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp</a></li>
<li><a href="http://www.kb.cert.org/vuls/id/206723">http://www.kb.cert.org/vuls/id/206723</a></li>
</ol>
<HR NOSHADE>
<P>The CERT Coordination Center thanks PGP Security for their advisory, on which this document is based.</P>
<HR NOSHADE>
<P>Feedback on this document can be directed to the author, <A HREF="mailto:cert@cert.org?subject=CA-2001-25%20Feedback%20VU%23206723">Ian A. Finlay</A>.</P>
<P>Copyright 2001 Carnegie Mellon University.</P>
<P>Revision History</P>
<PRE> September 06, 2001: Initial release </PRE>