PGP warns of firewall flaw

A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates, could allow attackers to gain...

A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates, could allow attackers to gain privileges on the device or access to the network protected by the firewall.

The vulnerability involves two components of the firewall that handle e-mails, PGP said. Both components are vulnerable to a buffer overflow attack in which a large amount of data is sent to them, causing an error in the system that could give an attacker access, the company said. The company has released a patch, which it describes as "mandatory".

Affected products are Gauntlet for Unix versions 5.x and higher, PGP e-ppliance 300 series version 1.0 and higher, PGP e-ppliance 1000 series versions 1.5 and 2.0, McAfee e-ppliance 100 and 120 series and McAfee WebShield for Solaris v4.1. For users with HP-UX Gauntlet 5.x systems, the patch will only work if HP-UX 11.0 or higher is installed or if patch PHCO_16723 has been applied, PGP said.

The flaw was discovered by Garrison Technologies

Patches for Gauntlet and the e-ppliance series can be found at: ftp://ftp.nai.com/pub/security/ and www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp/


Patches for the McAfee products are available at: www.mcfeeb2b.com.

Read more on Antivirus, firewall and IDS products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close