Gauntlet 4.2 is vulnerable to the exploit.

MOD

>Date: Sun, 16 Sep 2001 13:00:52 -0400
> Keith Young <kyoung@v-one.com>
>Reply-To: kyoung@v-one.com
> bugtraq@securityfocus.com
> Re: CERT Advisory CA-2001-25 (smap overflow)
>
>>>> CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
>>>> intruders to execute arbitrary code
>>>>
>>> [ ... ]
>>>
>>>> Network Associates, Inc.
>>>>
>>>> PGP Security has published a security advisory describing this
>>>> vulnerability as well as patches. This is available from
>>>>
>>>> http://www.pgp.com/support/product-advisories/csmap.asp
>>>> http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
>>>>
>>>
>>> So, does anyone know whether this thoroughly useless advisory
>>> affects those who are running smap/smapd from the TIS FWTK days?
>>> Or is the overflow a newly introduced feature?
>>>
>>
>> I'm testing this now. Results will be posted to the FWTK-users mailing
>> list and (if a vulnerability exists) to the "http://www.fwtk.org/" web
>> site.
>>
>
>Due to a fwtk-users listserver outage, I could not post my results.
>Therefore, I am posting them here.
>
>After several days of testing, I can say that the unmodified FWTK 2.1
>smap process is *NOT* vulnerable to the same overflow as Gauntlet. I
>will be testing 2.1 smap+Joe Yao's patch next.
>
>Also, for those of you who asked me, the NAI notice is correct; Gauntlet
>4.2 does not seem to be vulnerable to the buffer overflow.
>
>--
>--Keith Young
>-kyoung@v-one.com