|
Security hole found in NAI's Gauntlet firewall
By Sam Costello (IDG) -- A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates Inc. (NAI), could allow an attacker to gain privileges on the device or access to the network protected by the firewall, according to a security advisory released Tuesday by PGP. The vulnerability involves two components of the firewall that handle inbound and outbound e-mail, smap/smapd, and CSMAP, PGP said. Both components are vulnerable to a buffer overflow attack in which a large amount of data is sent to them, causing an error in the system that could give an attacker access, the company said. PGP has released a patch, which it describes as "mandatory."
Affected products are Gauntlet for Unix, Versions 5.x and higher; PGP e-ppliance 300 series, Version 1.0 and higher; PGP e-ppliance 1000 series, Versions 1.5 and 2.0; McAfee e-ppliance 100 and 120 series; and McAfee WebShield for Solaris Version 4.1. For users with HP-UX Gauntlet 5.x systems, the patch will only work if HP-UX 11.0 or higher is installed or if patch PHCO_16723 has been applied, PGP said. The flaw was discovered by Garrison Technologies. Patches for Gauntlet and the e-ppliance series can be found at ftp://ftp.nai.com/pub/security and www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp. Patches for the McAfee products will be available at www.mcafeeb2b.com, according to the advisory. |
|
||||||||||||||||||||
|
||||||||||||||||||||||
Back to the top |
© 2003 Cable News Network LP, LLLP.
A Time Warner Company. All Rights Reserved. Terms under which this service is provided to you. Read our privacy guidelines. Contact us. |