Re: CERT Advisory CA-2001-25 (smap overflow)

["mod seven" <mod7 () paki com>]

Gauntlet 4.2 is vulnerable to the exploit.

MOD

> Date: Sun, 16 Sep 2001 13:00:52 -0400
> Keith Young <kyoung () v-one com>Reply-To: kyoung () v-one com
> bugtraq () securityfocus com Re: CERT Advisory CA-2001-25 (smap overflow)
>
> > > > CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
> > > > intruders to execute arbitrary code
> > > [ ... ]
> > >
> > > > Network Associates, Inc.
> > > >
> > > >  PGP Security has published a security advisory describing this
> > > >  vulnerability as well as patches. This is available from
> > > >
> > > >         http://www.pgp.com/support/product-advisories/csmap.asp
> > > >         http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
> > >
> > > So, does anyone know whether this thoroughly useless advisory
> > > affects those who are running smap/smapd from the TIS FWTK days?
> > > Or is the overflow a newly introduced feature?
> >
> > I'm testing this now. Results will be posted to the FWTK-users mailing 
> > list and (if a vulnerability exists) to the "http://www.fwtk.org/"; web 
> > site.
>
> Due to a fwtk-users listserver outage, I could not post my results. 
> Therefore, I am posting them here.
>
> After several days of testing, I can say that the unmodified FWTK 2.1
> smap process is *NOT* vulnerable to the same overflow as Gauntlet. I 
> will be testing 2.1 smap+Joe Yao's patch next.
>
> Also, for those of you who asked me, the NAI notice is correct; Gauntlet 
> 4.2 does not seem to be vulnerable to the buffer overflow.
>
> -- 
> --Keith Young
> -kyoung () v-one com




------------------------------------------------------------
http://www.VirtualPhoneLine.com - Get a US Phone Line ANYWHERE in the world.
http://www.FreePhoneGuide.com - Call Pakistan for FREE