Security hole in NAI's Gauntlet firewall

A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates Inc., could allow an attacker to gain privileges on the device or access to the network protected by the firewall, according to a security advisory released by PGP.

The vulnerability involves two components of the firewall that handle inbound and outbound e-mail, smap/smapd and CSMAP, PGP said. Both components are vulnerable to a buffer overflow attack in which a large amount of data is sent to them, causing an error in the system that could give an attacker access, the company said. The company has released a patch, which it describes as "mandatory."

Affected products are Gauntlet for Unix versions 5.x and higher, PGP e-ppliance 300 series version 1.0 and higher, PGP e-ppliance 1000 series versions 1.5 and 2.0, McAfee e-ppliance 100 and 120 series and McAfee WebShield for Solaris v4.1. For users with HP-UX Gauntlet 5.x systems, the patch will only work if HP-UX 11.0 or higher is installed or if patch PHCO_16723 has been applied, PGP said.

The flaw was discovered by Garrison Technologies Inc.

Patches for Gauntlet and the e-ppliance series can be found at ftp://ftp.nai.com/pub/security/ and http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp/. Patches for the McAfee products will be available at http://www.mcafeeb2b.com according to the advisory.

PGP Security, in Santa Clara, California, can be reached at +1-972-308-9960 or online at http://www.pgp.com.