[22601] in bugtraq
Re: CERT Advisory CA-2001-25
daemon@ATHENA.MIT.EDU (Ian Finlay)
Mon Sep 10 22:18:40 2001
Date: Mon, 10 Sep 2001 13:03:52 -0400
From: Ian Finlay <iaf@cert.org>
To: Steve Watt <steve+bugtraq@Watt.COM>, bugtraq@securityfocus.com
Message-ID: <3694620175.1000127032@abilene.blue.cert.org>
In-Reply-To: <200109100430.f8A4UpL11602@wattres.Watt.COM>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--On Sunday, September 09, 2001 9:30 PM -0700 Steve Watt
<steve+bugtraq@Watt.COM> wrote:
> CERT Advisory <cert-advisory@cert.org> wrote:
>> CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
>> intruders to execute arbitrary code
> [ ... ]
>> Network Associates, Inc.
>>
>> PGP Security has published a security advisory describing this
>> vulnerability as well as patches. This is available from
>>
>> http://www.pgp.com/support/product-advisories/csmap.asp
>> http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
>
> So, does anyone know whether this thoroughly useless advisory
> affects those who are running smap/smapd from the TIS FWTK days?
> Or is the overflow a newly introduced feature?

I was able to find the following information, which may be of some use to
you, Steve.

http://www.fwtk.org/fwtk/docs/documentation.html#1.3

"The Gauntlet Internet Firewall and the TIS Internet Firewall Toolkit do
not share the same code base for anything, typically, and haven't since
version 1.0. (There may be a proxy or two that is identical in cases where
TIS decided to just give the code away to the FWTK users."
Best Regards,
Ian
Ian Finlay
Internet Systems Security Analyst - CERT/CC Operations
Networked Systems Survivability Program
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
CERT (R) Coordination Center Email: cert@cert.org
Software Engineering Institute WWW: http://www.cert.org
Carnegie Mellon University Hotline: +1-412-268-7090
Pittsburgh, PA USA 15213-3890 FAX: +1-412-268-6989
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=