Gauntlet Firewall Remote Buffer Overflow Vulnerability

BID:1234

Info

Bugtraq ID: 1234
Class: Boundary Condition Error
CVE: CVE-2000-0437
CVE-2004-0999
Remote: Yes
Local: No
Published: May 18 2000 12:00AM
Updated: Jul 11 2009 01:56AM
Credit: This vulnerability was discovered by Jim Stickley, with Garrison Technologies, and was reported to SecurityFocus.com on May 19, 2000.
Vulnerable: SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
Network Associates WebShield for Solaris 4.0
Network Associates WebShield E-ppliance 300.0
Network Associates WebShield E-ppliance 100.0
Network Associates Gauntlet Firewall 5.5
Network Associates Gauntlet Firewall 5.0
Network Associates Gauntlet Firewall 4.2
Network Associates Gauntlet Firewall 4.1
Not Vulnerable:

Discussion

A buffer overflow exists in the version of Mattel's Cyber Patrol software integrated into Network Associates Gauntlet firewall, versions 4.1, 4.2, 5.0 and 5.5. Due to the manner in which Cyber Patrol was integrated, a vulnerability was introduced which could allow a remote attacker to gain root access on the firewall, or execute arbitrary commands on the firewall.

By default, Cyber Patrol is installed on Gauntlet installations, and runs for 30 days. After that period, it is disabled. During this 30-day period, the firewall is susceptible to attack. Because the filtering software is externally accessible, users not on the internal network may also be able to exploit the vulnerability.

Some versions of SGI IRIX shipped with the Gauntlet Firewall package, and in the past it was a supported SGI product. While it is no longer being supported, SGI IRIX versions 6.5.2, 6.5.3, 6.5.4 and 6.5.5 may be prone to this issue.

Exploit / POC

This exploit is written to run a test file called /bin/zz. Just throw a file called zz in /bin on the Gauntlet firewall and chmod it to 700. Inside the zz file you should have it do something where it will leave you a log, as in the following example:

---
#!/bin/sh
echo "IT RAN" > /tmp/TEST
---

Solution / Fix

Solution:
Patches from NAI are available.


Network Associates WebShield E-ppliance 100.0

Network Associates WebShield E-ppliance 300.0

Network Associates WebShield for Solaris 4.0

Network Associates Gauntlet Firewall 4.1

Network Associates Gauntlet Firewall 4.2

Network Associates Gauntlet Firewall 5.0

Network Associates Gauntlet Firewall 5.5
