Bugtraq mailing list archives
Re: CERT Advisory CA-2001-25 (smap overflow)
From: "mod seven" <mod7 () paki com>
Date: Mon, 24 Sep 2001 16:19:50 -0700
Gauntlet 4.2 is vulnerable to the exploit. MOD
Date: Sun, 16 Sep 2001 13:00:52 -0400 Keith Young <kyoung () v-one com>Reply-To: kyoung () v-one com bugtraq () securityfocus com Re: CERT Advisory CA-2001-25 (smap overflow)CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code[ ... ]Network Associates, Inc. PGP Security has published a security advisory describing this vulnerability as well as patches. This is available from http://www.pgp.com/support/product-advisories/csmap.asp http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.aspSo, does anyone know whether this thoroughly useless advisory affects those who are running smap/smapd from the TIS FWTK days? Or is the overflow a newly introduced feature?I'm testing this now. Results will be posted to the FWTK-users mailing list and (if a vulnerability exists) to the "http://www.fwtk.org/" web site.Due to a fwtk-users listserver outage, I could not post my results. Therefore, I am posting them here. After several days of testing, I can say that the unmodified FWTK 2.1 smap process is *NOT* vulnerable to the same overflow as Gauntlet. I will be testing 2.1 smap+Joe Yao's patch next. Also, for those of you who asked me, the NAI notice is correct; Gauntlet 4.2 does not seem to be vulnerable to the buffer overflow. -- --Keith Young -kyoung () v-one com
------------------------------------------------------------ http://www.VirtualPhoneLine.com - Get a US Phone Line ANYWHERE in the world. http://www.FreePhoneGuide.com - Call Pakistan for FREE
Current thread:
- Re: CERT Advisory CA-2001-25 (smap overflow) mod seven (Sep 25)