Security hole found in Network Associates firewall

Unix users of Network Associates' Gauntlet firewall software are being advised to install a patch to protect their networks from possible attacks.

The security hole, discovered about 10 days ago, occurs when Gauntlet is used with Mattel's Cyber Patrol software, according to Network Associates. The combination of the two applications causes a "buffer overflow vulnerability," which creates an entryway for cyberattacks on the network, the company said in its advisory.

The software patch to close the security hole was released May 22 by Network Associates and is available for downloading on the company's Web site. The patch supports Gauntlet for Unix Versions 4.2, 5.0 and 5.5. The patch also should be applied to Network Associates' WebShield 100 and 300 series products, which are combined hardware/software bundles that include the Gauntlet firewall.

Users of Gauntlet for Unix 4.1 are being advised that a patch isn't available for their software. Instead, Version 4.1 users have to apply a manual workaround procedure outlined on the Network Associates Web site.

The Cyber Patrol software is installed by default as part of the Gauntlet package, then is disabled after 30 days, according to SecurityFocus.com, a Web-based security clearinghouse that also reported the security hole. The security breaches are only possible within that 30-day window, the SecurityFocus.com report said.
