PGP warns of firewall flaw

A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates, could allow attackers to gain...

A security flaw in the Gauntlet firewall made by PGP Security, a division of Network Associates, could allow attackers to gain privileges on the device or access to the network protected by the firewall.

The vulnerability involves two components of the firewall that handle e-mails, PGP said. Both components are vulnerable to a buffer overflow attack in which a large amount of data is sent to them, causing an error in the system that could give an attacker access, the company said. The company has released a patch, which it describes as "mandatory".

Affected products are Gauntlet for Unix versions 5.x and higher, PGP e-ppliance 300 series version 1.0 and higher, PGP e-ppliance 1000 series versions 1.5 and 2.0, McAfee e-ppliance 100 and 120 series and McAfee WebShield for Solaris v4.1. For users with HP-UX Gauntlet 5.x systems, the patch will only work if HP-UX 11.0 or higher is installed or if patch PHCO_16723 has been applied, PGP said.

The flaw was discovered by Garrison Technologies

Patches for Gauntlet and the e-ppliance series can be found at: ftp://ftp.nai.com/pub/security/ and www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp/

Patches for the McAfee products are available at: www.mcfeeb2b.com.

Read more on Antivirus, firewall and IDS products

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.