Bugtraq mailing list archives

RE: CERT Advisory CA-2001-25

From: Carson Gaspar <carson () taltos org>
Date: Mon, 10 Sep 2001 17:59:44 -0700

--On Monday, September 10, 2001 3:20 PM -0400 Jeremy Epstein<jepstein () webmethods com> wrote:

My guess is that this does not affect TIS FWTK... I was told that pretty
much all of the TIS/FWTK code has been rewritten for Gauntlet over the
years.  So odds are it's Gauntlet-specific.


*snort* *giggle*

Whoever told you that was... ummm... differently informed. The new -pdkproxies have been rewritten. The old-style -gw proxies have been modified,but _not_ re-written, as I was amazed to discover back in the 4.x days whenI had to patch them for the same bugs I'd fixed in FWTK. All of my fixes(but not my feature enhancements) got rolled in in the 5.x versions (or inpatches thereto).

smap and smapd have had significant changes, but as of 5.5 are still mostlythe same. 6.0's csmap is a re-write.

Rumour has it that the bug is the content scanning portion, which wasn't infwtk. But this has not been substantiated. I haven't been motivated to lookat the 5.5 code and see if I can find it or not.


--
Carson Gaspar - carson () taltos org
Queen Trapped in a Butch Body

Current thread:

CERT Advisory CA-2001-25 CERT Advisory (Sep 06)
- Re: CERT Advisory CA-2001-25 Steve Watt (Sep 10)
  - Re: CERT Advisory CA-2001-25 (smap overflow) Keith Young (Sep 10)
    - Re: CERT Advisory CA-2001-25 (smap overflow) Keith Young (Sep 16)
  - Re: CERT Advisory CA-2001-25 Ian Finlay (Sep 10)
  - RE: CERT Advisory CA-2001-25 Jeremy Epstein (Sep 10)
    - RE: CERT Advisory CA-2001-25 Carson Gaspar (Sep 10)
- <Possible follow-ups>
- Re: CERT Advisory CA-2001-25 ark (Sep 11)