Re: CERT Advisory CA-2001-25 (smap overflow)

>>> CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
>>> intruders to execute arbitrary code
>>>
>> [ ... ]
>>
>>> Network Associates, Inc.
>>>
>>>  PGP Security has published a security advisory describing this
>>>  vulnerability as well as patches. This is available from
>>>
>>>         http://www.pgp.com/support/product-advisories/csmap.asp
>>>         http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
>>>
>>
>> So, does anyone know whether this thoroughly useless advisory
>> affects those who are running smap/smapd from the TIS FWTK days?
>> Or is the overflow a newly introduced feature?
>>
> 
> I'm testing this now. Results will be posted to the FWTK-users mailing 
> list and (if a vulnerability exists) to the "http://www.fwtk.org/" web 
> site.
> 

Due to a fwtk-users listserver outage, I could not post my results. 
Therefore, I am posting them here.

After several days of testing, I can say that the unmodified FWTK 2.1
smap process is *NOT* vulnerable to the same overflow as Gauntlet. I 
will be testing 2.1 smap+Joe Yao's patch next.

Also, for those of you who asked me, the NAI notice is correct; Gauntlet 
4.2 does not seem to be vulnerable to the buffer overflow.

-- 
--Keith Young
-kyoung@v-one.com

