Gauntlet/WebShield cyberdaemon
CVE 2000-0437
Impact
A buffer overflow in the CyberPatrol daemon in the Gauntlet
and WebShield firewall products could be exploited to create a denial of service
or to execute arbitrary code.
Background
The CyberPatrol daemon (cyberdaemon) is used to enforce
the CyberPatrol policy in conjunction with the HTTP proxy.
The Problem
A buffer overflow has been discovered in the CyberPatrol daemon
which, if exploited, could cause the daemon to crash, thus preventing
any new connections to the HTTP proxy. The vulnerability could also
be used to execute arbitrary code.
The following products are affected if CyberPatrol is running:
- Gauntlet for Unix versions 4.1, 4.2, 5.0, 5.5
- WebShield 300 series E-ppliance
- WebShield For Solaris 4.0
- WebShield 100 series E-ppliance
Resolution
If you are not using CyberPatrol, shut off cyberdaemon.
To disable the daemon in Gauntlet or WebShield 300, enter the admin
utility by typing "gauntlet-admin"
or "webshield-admin". Choose "Basic System Configuration", then
"Proxy Configuration", then "CyberPatrol", and change the on
value to off and save the changes. For more detailed instructions,
or if you are using a different product,
see the advisory.
If you need to use CyberPatrol, the vulnerability should be fixed by
applying the appropriate
patch. If you cannot install the patch, or if you are using Gauntlet 4.1,
then create a packet filter to deny any connections to port 8999 on the
firewall.
Where can I read more about this?
This vulnerability is discussed in an
advisory from the Gauntlet firewall engineers.