-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code

   Original release date: September 06, 2001
   Last revised: --
   Source: CERT/CC

   A complete revision history can be found at the end of this file.

Systems Affected

     * Systems running the following products that use Gauntlet Firewall
          * Gauntlet for Unix versions 5.x
          * PGP e-ppliance 300 series version 1.0
          * McAfee e-ppliance 100 and 120 series
          * Gauntlet for Unix version 6.0
          * PGP e-ppliance 300 series versions 1.5, 2.0
          * PGP e-ppliance 1000 series versions 1.5, 2.0
          * McAfee WebShield for Solaris v4.1

Overview

   A remotely exploitable buffer overflow vulnerability exists in Gauntlet Firewall by PGP Security.

I. Description

   The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound email.

   On September 04, 2001, PGP Security released a security bulletin and patches for this vulnerability. For more information, please see

          http://www.pgp.com/support/product-advisories/csmap.asp
          http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
          http://www.kb.cert.org/vuls/id/206723

II. Impact

   An intruder can execute arbitrary code with the privileges of the corresponding daemon. Additionally, firewalls often have trust relationships with other network devices. An intruder who compromises a firewall may be able to leverage this trust to compromise other devices on the network or to make changes to the network configuration.

III. Solution

Apply a patch

   Appendix A contains information provided by vendors for this advisory. We will update the appendix as we receive more information. If you do not see your vendor's name, the CERT/CC did not hear from that vendor. Please contact your vendor directly.

Appendix A. - Vendor Information

   This appendix contains information provided by vendors for this advisory. When vendors report new information to the CERT/CC, we update this section and note the changes in our revision history. If a particular vendor is not listed below, we have not received their comments.

Network Associates, Inc.

   PGP Security has published a security advisory describing this vulnerability as well as patches. This is available from

          http://www.pgp.com/support/product-advisories/csmap.asp
          http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp

References

    1. http://www.pgp.com/support/product-advisories/csmap.asp
    2. http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
    3. http://www.kb.cert.org/vuls/id/206723
   _________________________________________________________________

   The CERT Coordination Center thanks PGP Security for their advisory, on which this document is based.
   _________________________________________________________________

   Feedback on this document can be directed to the author, Ian A. Finlay.
   ______________________________________________________________________

   This document is available from:
   http://www.cert.org/advisories/CA-2001-25.html
   ______________________________________________________________________

CERT/CC Contact Information

   Email: cert@cert.org
          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
          U.S.A.

   CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

   We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from

   http://www.cert.org/CERT_PGP.key

   If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

   CERT publications and other security information are available from our web site

   http://www.cert.org/

   To subscribe to the CERT mailing list for advisories and bulletins, send email to majordomo@cert.org. Please include in the body of your message

   subscribe cert-advisory

   * "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.
   ______________________________________________________________________

   NO WARRANTY
   Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.
   _________________________________________________________________

   Conditions for use, disclaimers, and sponsorship information

   Copyright 2001 Carnegie Mellon University.

   Revision History
September 06, 2001:  Initial release

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBO5gEwAYcfu8gsZJZAQEcjAP+PciEp6xeIK+dGr8Hazin4sXDP9KDYfus
FGN38fqzRZhNfA6ReO/9bbQp7pvuijcVB0F9BasNZc3HPTnxFpWaguqgWfNnihnB
+JZHzQ4HaK0tLWT4rcorfu7U5sdXz3zHPHkdPX8B4ael0h6XJ9hJ6rq6PMIDww+P
DQbVFE886v4=
=wcI5
-----END PGP SIGNATURE-----