Re: CERT Advisory CA-2001-25

From: Ian Finlay (
Date: 09/10/01

Date: Mon, 10 Sep 2001 13:03:52 -0400
From: Ian Finlay <>
To: Steve Watt <steve+bugtraq@Watt.COM>,
Subject: Re: CERT Advisory CA-2001-25
Message-ID: <>

--On Sunday, September 09, 2001 9:30 PM -0700 Steve Watt
<steve+bugtraq@Watt.COM> wrote:

> CERT Advisory <> wrote:
>> CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
>> intruders to execute arbitrary code
> [ ... ]
>> Network Associates, Inc.
>> PGP Security has published a security advisory describing this
>> vulnerability as well as patches. This is available from
> So, does anyone know whether this thoroughly useless advisory
> affects those who are running smap/smapd from the TIS FWTK days?
> Or is the overflow a newly introduced feature?

I was able to find the following information, which may be of some use to
you Steve.

"The Gauntlet Internet Firewall and the TIS Internet Firewall Toolkit do
not share the same code base for anything, typically, and haven't since
version 1.0. (There may be a proxy or two that is identical in cases where
TIS decided to just give the code away to the FWTK users."

Best Regards,

Ian Finlay
Internet Systems Security Analyst - CERT/CC Operations
Networked Systems Survivability Program
CERT (R) Coordination Center Email:
Software Engineering Institute WWW:
Carnegie Mellon University Hotline: +1-412-268-7090
Pittsburgh, PA USA 15213-3890 FAX: +1-412-268-6989