[UNIX] Gauntlet Firewall for UNIX and WebShield CSMAP and smap/smapd Buffer Overflow Vulnerabilities

From: support@securiteam.com
Date: 09/06/01


To: list@securiteam.com
Message-Id: <20010906035717.5A7D3138C0@mail.der-keiler.de>
Date: Thu,  6 Sep 2001 05:57:17 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Gauntlet Firewall for UNIX and WebShield CSMAP and smap/smapd Buffer
Overflow Vulnerabilities
------------------------------------------------------------------------

SUMMARY

This security vulnerability is a Buffer Overflow in the smap/smapd and
CSMAP daemons. The smap/smapd and CSMAP daemons are responsible for
handling e-mail transactions for both inbound and outbound e-mail. It is
possible to exploit this Buffer Overflow vulnerability to execute
arbitrary shell commands with the privileges of the owner of the
corresponding daemon.

DETAILS

A security vulnerability has been discovered in smap/smapd on the
following products:
 * Gauntlet for UNIX versions 5.x
 * PGP e-ppliance 300 series version 1.0
 * McAfee e-ppliance 100 and 120 series

A security vulnerability has been discovered in CSMAP on the following
products:
 * Gauntlet for UNIX version 6.0
 * PGP e-ppliance 300 series versions 1.5, 2.0
 * PGP e-ppliance 1000 series versions 1.5, 2.0
 * McAfee WebShield for Solaris v4.1

Solution:
A patch to repair this vulnerability is available for all products listed
above at ftp://ftp.nai.com/pub/security/ and
http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp for the
Gauntlet and PGP e-ppliance products, and at www.mcafeeb2b.com for the
McAfee e-ppliance and WebShield products.

This patch is a mandatory patch that includes a new version of the
corresponding daemons and addresses the buffer overflow. Instructions for
installing the patch are included in the README file contained within the
patch.

NOTE FOR HP-UX GAUNTLET v.5.x USERS:
Gauntlet v.5.x users on HP-UX must have HP-UX patch PHCO_16723 or later
installed for the smap/smapd patch to function properly, as there is a
dependency upon the library contained in that HP patch. The smap/smapd
patch for Gauntlet v.5.x checks for the presence of the latest iteration
of this patch (PHCO_23684). If that patch is not present, the installer
informs the user that PHCO_16723 or later is required and asks whether
to continue. If the smap/smapd patch is installed without PHCO_16723 or
later, all e-mail traffic will be prevented.
PHCO_23684 is available from the HP support web site. The required library
is built into HP-UX v.11.0, so Gauntlet v.6.0 users on HP-UX do not
require an additional patch.

ADDITIONAL INFORMATION

The information has been provided by PGP Security.
