Network Associates Inc.'s PGP Security division has issued a warning that its Unix-based Gauntlet firewall has a flaw that would allow an attacker to take control of it unless administrators have installed a patch for the security software.
The problem pertains to a buffer-overflow vulnerability discovered in the firewall's mail daemon that listens on port 25, according to PGP director of product management Marvin Dickinson. If an attacker types in "a lot of characters, it will create a buffer override because there are too many characters in that field," Dickinson said. The problem, identified by PGP business partner Garrison Technologies Inc. a few weeks ago, is corrected by applying the software fix that PGP made available this week at www.pgp.com.
The buffer-overflow vulnerability, which, if exploited, would give an attacker administrative access, also affects the hardware/software firewall appliances sold in the PGP e-ppliance 300 series and 1000 series, as well as the McAfee WebShield for Solaris Version 4.1.
The patch took weeks to issue because it took time to coordinate with multiple business units and OEM partners, to advise them of the buffer-overflow problem and to ready them to apply the patch for their customers, Dickinson noted. He said this is the second time in the history of the Gauntlet firewall that a vulnerability of this seriousness has been uncovered.