UPDATE - Network Associates Warns of Firewall Security Hole


[Fair Use: For Educational and Research Purposes Only]

Network Associates warns of firewall security hole

By Paul Festa, Staff Writer, CNET News.com, May 30, 2000, 4:30 p.m. PT

Network Associates is urging its firewall customers to patch a security hole that leaves networks vulnerable to attack.

The company's Gauntlet software governs traffic between a network, such as a corporate intranet, and outside networks, such as the Internet. But because of a common coding flaw known as a buffer overflow vulnerability, the protective software opens an avenue for hackers seeking to wrest control of a network.

The trouble with Gauntlet is in the way it communicates with Mattel's Cyber Patrol--"filtering" software that blocks access to Web sites that parents or network administrators deem inappropriate.

"The buffer overflow is associated with a specific part of the firewall dealing with URL filtering," said Jim Ishikawa, vice president of marketing for PGP Security, a unit of Network Associates. "At the integration point with our firewall, customers who are running Cyber Patrol are vulnerable. But it's Network Associates' bug."

Buffer overflow attacks, said to be the most common computer security problem of the past decade, are caused when an attacker floods a computer's memory with more characters than it can accommodate. An improperly coded buffer responds to such attacks by crashing the application, and the excess code, potentially malicious, can be run upon restarting the computer.

"A hacker could send information to the product and overflow buffer," Ishikawa said. "It allows you to put bits in a different part of memory, where they shouldn't be."

Ishikawa said Network Associates learned of the issue a week ago Friday and posted an alert to its customers the following Monday morning.

The bug affects only versions of Gauntlet for the Unix operating system. Network Associates posted an advisory and patches for the bug, which was also reported by Security Focus.

http://www.news.com/news/0-1005-200-1983181.html?tag=st.ne.1005.thed.ni

===================

-- (Dee360Degree@aol.com), May 31, 2000

