Bugtraq mailing list archives
Re: CERT Advisory CA-2001-25
From: Ian Finlay <iaf () cert org>
Date: Mon, 10 Sep 2001 13:03:52 -0400
--On Sunday, September 09, 2001 9:30 PM -0700 Steve Watt <steve+bugtraq () Watt COM> wrote:
CERT Advisory <cert-advisory () cert org> wrote:CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code[ ... ]Network Associates, Inc. PGP Security has published a security advisory describing this vulnerability as well as patches. This is available from http://www.pgp.com/support/product-advisories/csmap.asp http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.aspSo, does anyone know whether this thoroughly useless advisory affects those who are running smap/smapd from the TIS FWTK days? Or is the overflow a newly introduced feature?
I was able to find the following information, which may be of some use to you Steve.
http://www.fwtk.org/fwtk/docs/documentation.html#1.3"The Gauntlet Internet Firewall and the TIS Internet Firewall Toolkit do not share the same code base for anything, typically, and haven't since version 1.0. (There may be a proxy or two that is identical in cases where TIS decided to just give the code away to the FWTK users."
Best Regards, Ian Ian Finlay Internet Systems Security Analyst - CERT/CC Operations Networked Systems Survivability Program =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= CERT (R) Coordination Center Email: cert () cert org Software Engineering Institute WWW: http://www.cert.org Carnegie Mellon University Hotline: +1-412-268-7090 Pittsburgh, PA USA 15213-3890 FAX: +1-412-268-6989 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Current thread:
- CERT Advisory CA-2001-25 CERT Advisory (Sep 06)
- Re: CERT Advisory CA-2001-25 Steve Watt (Sep 10)
- Re: CERT Advisory CA-2001-25 (smap overflow) Keith Young (Sep 10)
- Re: CERT Advisory CA-2001-25 (smap overflow) Keith Young (Sep 16)
- Re: CERT Advisory CA-2001-25 Ian Finlay (Sep 10)
- RE: CERT Advisory CA-2001-25 Jeremy Epstein (Sep 10)
- RE: CERT Advisory CA-2001-25 Carson Gaspar (Sep 10)
- Re: CERT Advisory CA-2001-25 (smap overflow) Keith Young (Sep 10)
- <Possible follow-ups>
- Re: CERT Advisory CA-2001-25 ark (Sep 11)
- Re: CERT Advisory CA-2001-25 Steve Watt (Sep 10)