Secure Computing Corporation Information for VU#803539

GAUNTLET (tm) FIREWALL & VPN (5.X and 6.0)
Gauntlet software users should contact their operating system vendor for a revised version of the library (on Solaris it is libresolv.so, on HP-UX it is libnss_dns.1) in question and apply it as soon as it is available.

GAUNTLET E-PPLIANCE FIREWALL & VPN (EPL 1.X and 2.0)
Gauntlet e-ppliance would be vulnerable to this theoretical attack. Secure Computing engineering is currently examining the issue in preparation for a patch for the e-ppliance 300 and 1000 (all versions).

SIDEWINDER(tm) FIREWALL & VPN (all releases including Sidewinder Appliance)
This buffer overflow vulnerability can not be exploited to gain access to, or gain any valuable information from a Sidewinder. An attack against one of the Sidewinder components using this vulnerability would yield no special privileges (such as root access, shell access, configuration information, etc.) due to Sidewinder's SecureOS(tm) Type Enforcement(tm) technology (TE).

None of Sidewinder's critical services (proxies, ACL engine, etc.) do direct DNS processing. Resolution is done by 'self contained' DNS resolver processes which are not granted Type Enforcement access to any of the services configuration data, nor could it access the data contained by the service sessions, nor even execute a shell. This process has no access to any system resources useful to an attacker. And of course, there is no useful concept of root privilege on Sidewinder.

Vendor Information

If you have feedback, comments, or additional information about this vulnerability, please send us email.