Gauntlet CyberPatrol Buffer Overflow

[lfcrob () AI ORG (Rob Lindenbusch)]

        This was posted to the Guantlet User list this morning. The claim is
that there is no exploit "in the wild" and that the only holders of the
code are NAI and Garrison Tech, and they don't plan to release it. Of
course, nobody else will figure it out, right? Nice to have a buffer
overflow in a firewall in any case.

--
Rob Lindenbusch
Lead Systems Administrator
Access Indiana Information Network
E-mail: lfcrob () ai org
Phone: (317)233-2378
URL: http://www.state.in.us/


<STRONG>attached mail follows:</STRONG><HR NOSHADE><P>
Folks,

We have released patches to deal with a security issue with the products
mentioned in the Subject line.

The full advisory is available from
http://www.tis.com/support/cyberadvisory.html

Patches are available from http://www.tis.com/support/patchpage.html -- the
patch you need is cyber.patch for whatever version you are currently
running.

There is no released patch for Gauntlet 4.1, however if you refer to the
advisory you can implement the workaround detailed in that advisory.

If you have questions, feel free to direct them my way.

Thanks,

M (in official sort of capacity)

--
Principal Network Security Engineer
Gauntlet Technical Support