Re: CERT Advisory CA-2001-25From: Ian Finlay (firstname.lastname@example.org)
- Previous message: CERT Advisory: "CERT Advisory CA-2001-25"
- Maybe in reply to: CERT Advisory: "CERT Advisory CA-2001-25"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 10 Sep 2001 13:03:52 -0400 From: Ian Finlay <email@example.com> To: Steve Watt <steve+bugtraq@Watt.COM>, firstname.lastname@example.org Subject: Re: CERT Advisory CA-2001-25 Message-ID: <email@example.com>
--On Sunday, September 09, 2001 9:30 PM -0700 Steve Watt
> CERT Advisory <firstname.lastname@example.org> wrote:
>> CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows
>> intruders to execute arbitrary code
> [ ... ]
>> Network Associates, Inc.
>> PGP Security has published a security advisory describing this
>> vulnerability as well as patches. This is available from
> So, does anyone know whether this thoroughly useless advisory
> affects those who are running smap/smapd from the TIS FWTK days?
> Or is the overflow a newly introduced feature?
I was able to find the following information, which may be of some use to
"The Gauntlet Internet Firewall and the TIS Internet Firewall Toolkit do
not share the same code base for anything, typically, and haven't since
version 1.0. (There may be a proxy or two that is identical in cases where
TIS decided to just give the code away to the FWTK users."
Internet Systems Security Analyst - CERT/CC Operations
Networked Systems Survivability Program
CERT (R) Coordination Center Email: email@example.com
Software Engineering Institute WWW: http://www.cert.org
Carnegie Mellon University Hotline: +1-412-268-7090
Pittsburgh, PA USA 15213-3890 FAX: +1-412-268-6989