RE: CERT Advisory CA-2001-25

From: Carson Gaspar (carson@taltos.org)
Date: 09/11/01


Date: Mon, 10 Sep 2001 17:59:44 -0700
From: Carson Gaspar <carson@taltos.org>
To: bugtraq@securityfocus.com
Subject: RE: CERT Advisory CA-2001-25
Message-ID: <159042421.1000144784@athyra>


--On Monday, September 10, 2001 3:20 PM -0400 Jeremy Epstein
<jepstein@webmethods.com> wrote:

> My guess is that this does not affect TIS FWTK... I was told that pretty
> much all of the TIS/FWTK code has been rewritten for Gauntlet over the
> years. So odds are it's Gauntlet-specific.

*snort* *giggle*

Whoever told you that was... ummm... differently informed. The new -pdk
proxies have been rewritten. The old-style -gw proxies have been modified,
but _not_ re-written, as I was amazed to discover back in the 4.x days when
I had to patch them for the same bugs I'd fixed in FWTK. All of my fixes
(but not my feature enhancements) got rolled in in the 5.x versions (or in
patches thereto).

smap and smapd have had significant changes, but as of 5.5 are still mostly
the same. 6.0's csmap is a re-write.

Rumour has it that the bug is the content scanning portion, which wasn't in
fwtk. But this has not been substantiated. I haven't been motivated to look
at the 5.5 code and see if I can find it or not.

-- 
Carson Gaspar - carson@taltos.org
Queen Trapped in a Butch Body