Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2001.381 -- NAI Security Advisory CSMAP and smap/smapd BUFFER OVERFLOW VULNERABILITY 6 September 2001 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Gauntlet for Unix version 5.x and 6.0 PGP e-ppliance 300 series versions 1.0, 1.5, 2.0 PGP e-ppliance 1000 series versions 1.5, 2.0 McAfee e-ppliance 100 and 120 series McAfee WebShield for Solaris v4.1 Impact: Execute Arbitrary Code/Commands Access Required: Remote Ref: http://www.pgp.com/support/product-advisories/csmap.asp - --------------------------BEGIN INCLUDED TEXT-------------------- CSMAP and smap/smapd BUFFER OVERFLOW VULNERABILITY ADVISORY Title: Gauntlet Firewall for Unix and WebShield CSMAP and smap/smapd Buffer Overflow Vulnerability Advisory Date: September 4, 2001 Author: Gauntlet Firewall Engineering Background: A security vulnerability has been discovered in smap/smapd on the following products: Gauntlet for Unix versions 5.x PGP e-ppliance 300 series version 1.0 McAfee e-ppliance 100 and 120 series A security vulnerability has been discovered in CSMAP on the following products: Gauntlet for Unix version 6.0 PGP e-ppliance 300 series versions 1.5, 2.0 PGP e-ppliance 1000 series versions 1.5, 2.0 McAfee WebShield for Solaris v4.1 This security vulnerability is a Buffer Overflow in the smap/smapd and CSMAP daemons. The smap/smapd and CSMAP daemons are responsible for handling e-mail transactions for both inbound and outbound e-mail. It is possible to exploit this Buffer Overflow vulnerability to execute arbitrary shell commands with the same privileges as the owner of the corresponding daemon. Solution: A patch to repair this vulnerability is available for all products listed above at ftp://ftp.nai.com/pub/security/ and http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp for the Gauntlet and PGP e-ppliance products and www.mcafeeb2b.com for the McAfee e-ppliance and WebShield products. This patch is a mandatory patch that includes a new version of the corresponding daemons and addresses the buffer overflow. Instructions for installing the patch are included in the README file contained within the patch. NOTE FOR HP-UX GAUNTLET v.5.x USERS: Gauntlet v.5.x users on HP-UX must have HP-UX patch PHCO_16723 or later installed for the smap/smapd patch to function properly, as there is a dependency upon the library contained in that HP patch. The smap/smapd patch for Gauntlet v.5.x makes a check for the presence of the latest iteration of this patch (PHCO_23684). If this patch is not present, it will inform the user that PHCO_16723 or later is required and prompt the user if they want to continue. Failure to have PHCO_16723 or later will prevent all e-mail traffic if the smap/smapd patch is installed. PHCO_23684 is available from the HP support web site. The required library is built into HP-UX v.11.0, so Gauntlet v.6.0 users on HP-UX do not require an additional patch. CREDITS: PGP Security acknowledges one of its partners, Garrison Technologies, Inc., for notification about this problem. (C) 2001, Networks Associates Technology, Inc. All Rights Reserved. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to firstname.lastname@example.org and we will forward your request to the appropriate person. This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to use any or all of this information is the responsibility of each user or organisation, and should be done so in accordance with site policies and procedures. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the original authors to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/Information/advisories.html If you believe that your system has been compromised, contact AusCERT or your representative in FIRST (Forum of Incident Response and Security Teams). Internet Email: email@example.com Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key iQCVAwUBO5dy/yh9+71yA2DNAQHK8wP/W+Kkdve0fuWfhct5rIwoDW/bd6Ns0jPC b5HZrp+XWmhTJEuU/qu+NyQPotvJF5b+vj7yn5woM+eLKyJ+9VfK6xKhm+rypuDF uvKb5BhO7FXK2KAi713stApE3sCFW2A6Og4Drf/gdzqaxDxwk18Pu1TFdymqUVu8 RwKmNZZMje4= =nSiL -----END PGP SIGNATURE-----