PGP's Gauntlet Firewall Vulnerable

CERT warns of a serious vulnerability in the Gauntlet 6.0 firewall; a patch is available.

InformationWeek Staff, Contributor

September 11, 2001

2 Min Read

Several days before PGP Security, a division of Network Associates Inc., said its Gauntlet 6.0 firewall met the strict international EAL4 (Evaluation Assurance Levels) security certification, the federally funded CERT Coordination Center released an advisory warning users of a serious vulnerability in several Gauntlet versions.

The Gauntlet flaw was discovered by Garrison Technologies Inc. and is described in CERT Advisory CA-2001-25. The advisory warns that a buffer overflow vulnerability would let an attacker run arbitrary programs on user systems running Gauntlet for Unix versions 5.x and 6.x, PGP e-ppliance 300 series 1.0, PGP e-ppliance 300 and 1000 series versions 1.5 and 2.0, McAfee e-ppliance 100 and 120 series, and McAfee WebShield for Solaris version 4.1.

The vulnerability can be fixed by applying a patch provided by PGP (at http://www.pgp.com/ support/product-advisories/ csmap.asp). CERT's advisory explains the vulnerability's serious impact, saying "firewalls often have trusted relationships with other network devices. An intruder who compromises a firewall may be able to leverage this trust to compromise other devices on the network or to make changes to the network configuration."

The EAL4 certification is from the British organization Common Criteria, whose mission is to create an internationally accepted criteria for the evaluation of information security products. Says Marvin Dickerson, director of product management for PGP Security, the Gauntlet firewall underwent extensive testing and analysis of the product's design and development methodology. According to PGP, evaluation of the Gauntlet 6.0 Firewall was conducted by Computer Sciences Corp., as an independent evaluator working within the Common Criteria guidelines.

Common Criteria was developed through collaboration between standards and national security organizations from Canada, France, Germany, the Netherlands, the United Kingdom, and the United States.

Garrison Technologies is an information security consulting firm in San Diego.

Read more about:

20012001

About the Author(s)

InformationWeek Staff

InformationWeek Staff

Contributor

See more from InformationWeek Staff
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now