CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code

• Systems running the following products that use Gauntlet Firewall
• Gauntlet for Unix versions 5.x
• PGP e-ppliance 300 series version 1.0
• McAfee e-ppliance 100 and 120 series
• Gauntlet for Unix version 6.0
• PGP e-ppliance 300 series versions 1.5, 2.0
• PGP e-ppliance 1000 series versions 1.5, 2.0
• McAfee WebShield for Solaris v4.1

Overview

I. Description

The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound email.

On September 04, 2001, PGP Security released a security bulletin and patches for this vulnerability. For more information, please see

II. Impact

An intruder can execute arbitrary code with the privileges of the corresponding daemon. Additionally, firewalls often have trust relationships with other network devices. An intruder who compromises a firewall may be able to leverage this trust to compromise other devices on the network or to make changes to the network configuration.

III. Solution

Apply a patch

Appendix A contains information provided by vendors for this advisory. We will update the appendix as we receive more information. If you do not see your vendor's name, the CERT/CC did not hear from that vendor. Please contact your vendor directly.

Appendix A. - Vendor Information

This appendix contains information provided by vendors for this advisory. When vendors report new information to the CERT/CC, we update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.

Network Associates, Inc.

PGP Security has published a security advisory describing this vulnerability as well as patches. This is available from