Vulnerability Note VU#206723
Network Associates CSMAP and smap/smapd vulnerable to buffer overflow thereby allowing arbitrary command execution
A remotely exploitable buffer overflow exists in the Gauntlet Firewall.
The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound e-mail.
This vulnerability occurs in smap/smapd on the following products:
An intruder can execute arbitrary code with the privileges of the corresponding daemon.
Patchs for this vulnerability are available from the vendor at ftp://ftp.nai.com/pub/security/ and http://www.pgp.com/naicommon/download/upgrade/upgrades-patch.asp.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|PGP||Affected||-||06 Sep 2001|
CVSS Metrics (Learn More)
This vulnerability was discovered by Jim Stickley of Garrison Technologies.
This document was written by Ian A. Finlay.
- CVE IDs: Unknown
- Date Public: 04 Sep 2001
- Date First Published: 06 Sep 2001
- Date Last Updated: 06 Sep 2001
- Severity Metric: 50.63
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.