A remotely exploitable buffer overflow exists in the Gauntlet Firewall.
The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound e-mail.
This vulnerability occurs in smap/smapd on the following products:
An intruder can execute arbitrary code with the privileges of the corresponding daemon.
Patchs for this vulnerability are available from the vendor at <ftp://ftp.nai.com/pub/security/> and <http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp>.
Vendor| Status| Date Notified| Date Updated
PGP| | -| 06 Sep 2001
If you are a vendor and your product is affected, let us know.
Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A
This vulnerability was discovered by Jim Stickley of Garrison Technologies.
This document was written by Ian A. Finlay.