[22659] in bugtraq
Re: CERT Advisory CA-2001-25 (smap overflow)
daemon@ATHENA.MIT.EDU (Keith Young)
Sun Sep 16 20:40:05 2001
Message-ID: <3BA4DAC4.4030905@v-one.com>
Date: Sun, 16 Sep 2001 13:00:52 -0400
From: Keith Young <kyoung@v-one.com>
Reply-To: kyoung@v-one.com
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
>>> CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
>>> intruders to execute arbitrary code
>>>
>> [ ... ]
>>
>>> Network Associates, Inc.
>>>
>>> PGP Security has published a security advisory describing this
>>> vulnerability as well as patches. This is available from
>>>
>>> http://www.pgp.com/support/product-advisories/csmap.asp
>>> http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp
>>>
>>
>> So, does anyone know whether this thoroughly useless advisory
>> affects those who are running smap/smapd from the TIS FWTK days?
>> Or is the overflow a newly introduced feature?
>>
>
> I'm testing this now. Results will be posted to the FWTK-users mailing
> list and (if a vulnerability exists) to the "http://www.fwtk.org/" web
> site.
>
Due to a fwtk-users listserver outage, I could not post my results.
Therefore, I am posting them here.

After several days of testing, I can say that the unmodified FWTK 2.1
smap process is *NOT* vulnerable to the same overflow as Gauntlet. I
will be testing 2.1 smap + Joe Yao's patch next.

Also, for those of you who asked me, the NAI notice is correct; Gauntlet
4.2 does not seem to be vulnerable to the buffer overflow.
--
--Keith Young
-kyoung@v-one.com