Network Associates warns of firewall security hole

The computer security company is urging its firewall customers to patch a security hole that leaves networks vulnerable to attack.

Network Associates is urging its firewall customers to patch a security hole that leaves networks vulnerable to attack.

The company's Gauntlet software governs traffic between a network, such as a corporate intranet, and outside networks, such as the Internet. But because of a common coding flaw known as a buffer overflow vulnerability, the protective software opens an avenue for hackers seeking to wrest control of a network.

The trouble with Gauntlet is in the way it communicates with Mattel's Cyber Patrol--"filtering" software that blocks access to Web sites that parents or network administrators deem inappropriate.

"The buffer overflow is associated with a specific part of the firewall dealing with URL filtering," said Jim Ishikawa, vice president of marketing for PGP Security, a unit of Network Associates. "At the integration point with our firewall, customers who are running Cyber Patrol are vulnerable. But it's Network Associates' bug."

Buffer overflow attacks, said to be the most common computer security problem of the past decade, are caused when an attacker floods a computer's memory with more characters than it can accommodate. An improperly coded buffer responds to such attacks by crashing the application, and the excess code, potentially malicious, can be run upon restarting the computer.
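To make the defect concrete, here is an added illustration (not code from the article, Network Associates or Mattel) of the pattern the paragraph describes, set in a hypothetical URL-filter lookup like the integration point named in the article: a fixed-size buffer that receives a URL, first copied without a length check and then with one. The 64-byte buffer size and the function names are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size buffer for one URL in a filter lookup. The size is
 * an assumption for this example, not Gauntlet's or Cyber Patrol's real value. */
#define URL_MAX 64

/* The defect pattern: the URL is copied into a fixed buffer with no length
 * check, so a URL longer than URL_MAX - 1 bytes overwrites whatever lies
 * beyond the buffer. Shown for contrast only; never called with real input. */
int lookup_url_unchecked(const char *url) {
    char buf[URL_MAX];
    strcpy(buf, url);              /* unbounded copy: this is the overflow */
    return (int)strlen(buf);
}

/* Hardened version: measure first, refuse anything that does not fit, and
 * only then copy with an explicit bound. Returns 1 if the URL is accepted
 * for filtering, 0 if it is rejected as too long. */
int lookup_url_checked(const char *url) {
    char buf[URL_MAX];
    size_t n = strlen(url);
    if (n >= sizeof buf) {
        return 0;                  /* too long: reject instead of overflowing */
    }
    memcpy(buf, url, n + 1);       /* bounded copy, NUL terminator included */
    return 1;
}

/* Constructed test input: a 199-byte URL-like string of 'A's, the kind of
 * overlong request a length check must turn away. Returns 1 if rejected. */
int overlong_url_rejected(void) {
    char big[200];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return lookup_url_checked(big) == 0;
}

int main(void) {
    printf("short URL accepted: %d\n", lookup_url_checked("http://example.com/"));
    printf("overlong URL rejected: %d\n", overlong_url_rejected());
    return 0;
}
```

The length check is the whole fix: the hardened function never writes past the buffer, so an overlong URL is simply refused and logged by the caller rather than corrupting memory.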

"A hacker could send information to the product and overflow buffer," Ishikawa said. "It allows you to put bits in a different part of memory, where they shouldn't be."

Ishikawa said Network Associates learned of the issue a week ago Friday and posted an alert to its customers the following Monday morning.

The bug affects only versions of Gauntlet for the Unix operating system. Network Associates posted an advisory and patches for the bug, which was also reported by Security Focus.