Skip to main content /TECH with IDG.net
CNN.com /TECH
CNN TV
EDITIONS


Security hole found in NAI's Gauntlet firewall

IDG.net
graphic


By Sam Costello

(IDG) -- A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates Inc. (NAI), could allow an attacker to gain privileges on the device or access to the network protected by the firewall, according to a security advisory released Tuesday by PGP.

The vulnerability involves two components of the firewall that handle inbound and outbound e-mail, smap/smapd, and CSMAP, PGP said. Both components are vulnerable to a buffer overflow attack in which a large amount of data is sent to them, causing an error in the system that could give an attacker access, the company said. PGP has released a patch, which it describes as "mandatory."

Visit an IDG site


IDG.net search



Affected products are Gauntlet for Unix, Versions 5.x and higher; PGP e-ppliance 300 series, Version 1.0 and higher; PGP e-ppliance 1000 series, Versions 1.5 and 2.0; McAfee e-ppliance 100 and 120 series; and McAfee WebShield for Solaris Version 4.1. For users with HP-UX Gauntlet 5.x systems, the patch will only work if HP-UX 11.0 or higher is installed or if patch PHCO_16723 has been applied, PGP said.

The flaw was discovered by Garrison Technologies.

Patches for Gauntlet and the e-ppliance series can be found at ftp://ftp.nai.com/pub/security and www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp. Patches for the McAfee products will be available at www.mcafeeb2b.com, according to the advisory.





RELATED STORIES:
RELATED IDG.net STORIES:
RELATED SITES:
• Network Associates Technology

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 Search   

Back to the top