var-200109-0126
Vulnerability from variot
Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message. A remotely exploitable buffer overflow exists in the Gauntlet Firewall. A boundary condition error exists in the smap/smapd and CSMAPD daemons, shipped with several popular Network Associates products. The smap/smapd and CSMAP daemons are proxy servers used to handle e-mail transactions for both inbound and outbound e-mail. By successfully exploiting this condition, an attacker may be able to cause arbitrary code/commands to be executed on a vulnerable system with the privileges of the attacked daemon. Additional technical details are currently unknown. Some versions of SGI IRIX shipped with the Gauntlet Firewall package, and in the past it was a supported SGI product. While it is no longer being supported, SGI IRIX versions 6.5.2, 6.5.3, 6.5.4 and 6.5.5 may be prone to this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200109-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mcafee e-ppliance",
"scope": "eq",
"trust": 1.6,
"vendor": "network associates",
"version": "120_series"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "6.5"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "6.4"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "6.3"
},
{
"model": "irix",
"scope": "eq",
"trust": 1.3,
"vendor": "sgi",
"version": "6.2"
},
{
"model": "e-ppliance 300",
"scope": "eq",
"trust": 1.0,
"vendor": "pgp",
"version": "1.0"
},
{
"model": "mcafee e-ppliance",
"scope": "eq",
"trust": 1.0,
"vendor": "network associates",
"version": "100_series"
},
{
"model": "webshield smtp",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "4.1"
},
{
"model": "gauntlet firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "network associates",
"version": "unix_6.0"
},
{
"model": "e-ppliance 300",
"scope": "eq",
"trust": 1.0,
"vendor": "pgp",
"version": "2.0"
},
{
"model": "gauntlet firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "network associates",
"version": "unix_5.5"
},
{
"model": "gauntlet firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "network associates",
"version": "4.2"
},
{
"model": "webshield smtp",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "4.0"
},
{
"model": "gauntlet firewall",
"scope": "eq",
"trust": 1.0,
"vendor": "network associates",
"version": "unix_5.0"
},
{
"model": "e-ppliance 300",
"scope": "eq",
"trust": 1.0,
"vendor": "pgp",
"version": "1.5"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pgp",
"version": null
},
{
"model": "pgp e-ppliance",
"scope": "eq",
"trust": 0.3,
"vendor": "securecomputing",
"version": "3002.0"
},
{
"model": "pgp e-ppliance",
"scope": "eq",
"trust": 0.3,
"vendor": "securecomputing",
"version": "3001.5"
},
{
"model": "pgp e-ppliance",
"scope": "eq",
"trust": 0.3,
"vendor": "securecomputing",
"version": "3001.0"
},
{
"model": "associates pgp e-ppliance series",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "3002.0"
},
{
"model": "associates pgp e-ppliance series",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "3001.5"
},
{
"model": "associates pgp e-ppliance series",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "3001.0"
},
{
"model": "associates gauntlet firewall for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "6.0"
},
{
"model": "associates gauntlet firewall for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "5.5"
},
{
"model": "associates gauntlet firewall for unix",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "5.0"
},
{
"model": "associates gauntlet firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "network",
"version": "4.2"
},
{
"model": "webshield for solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "mcafee",
"version": "4.0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#206723"
},
{
"db": "BID",
"id": "3290"
},
{
"db": "NVD",
"id": "CVE-2001-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mcafee:webshield_smtp:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mcafee:webshield_smtp:4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:pgp:e-ppliance_300:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:network_associates:gauntlet_firewall:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:network_associates:gauntlet_firewall:unix_5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:network_associates:gauntlet_firewall:unix_5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:network_associates:gauntlet_firewall:unix_6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:pgp:e-ppliance_300:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:pgp:e-ppliance_300:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:network_associates:mcafee_e-ppliance:100_series:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:network_associates:mcafee_e-ppliance:120_series:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1456"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovered by Jim Stickley of Garrison Technologies and published in a PGP Security Advisory on September 4, 2001.",
"sources": [
{
"db": "BID",
"id": "3290"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
],
"trust": 0.9
},
"cve": "CVE-2001-1456",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4260",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1456",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#206723",
"trust": 0.8,
"value": "50.63"
},
{
"author": "CNNVD",
"id": "CNNVD-200109-005",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4260",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#206723"
},
{
"db": "VULHUB",
"id": "VHN-4260"
},
{
"db": "NVD",
"id": "CVE-2001-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for Gauntlet Firewall 5.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted mail message. A remotely exploitable buffer overflow exists in the Gauntlet Firewall. A boundary condition error exists in the smap/smapd and CSMAPD daemons, shipped with several popular Network Associates products. The smap/smapd and CSMAP daemons are proxy servers used to handle e-mail transactions for both inbound and outbound e-mail. \nBy successfully exploiting this condition, an attacker may be able to cause arbitrary code/commands to be executed on a vulnerable system with the privileges of the attacked daemon. \nAdditional technical details are currently unknown. \nSome versions of SGI IRIX shipped with the Gauntlet Firewall package, and in the past it was a supported SGI product. While it is no longer being supported, SGI IRIX versions 6.5.2, 6.5.3, 6.5.4 and 6.5.5 may be prone to this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1456"
},
{
"db": "CERT/CC",
"id": "VU#206723"
},
{
"db": "BID",
"id": "3290"
},
{
"db": "VULHUB",
"id": "VHN-4260"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#206723",
"trust": 2.5
},
{
"db": "BID",
"id": "3290",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-1456",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200109-005",
"trust": 0.7
},
{
"db": "SGI",
"id": "20011104-01-I",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "CA-2001-25",
"trust": 0.6
},
{
"db": "XF",
"id": "7088",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4260",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#206723"
},
{
"db": "VULHUB",
"id": "VHN-4260"
},
{
"db": "BID",
"id": "3290"
},
{
"db": "NVD",
"id": "CVE-2001-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
]
},
"id": "VAR-200109-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4260"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:05:39.848000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4260"
},
{
"db": "NVD",
"id": "CVE-2001-1456"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3290"
},
{
"trust": 1.7,
"url": "http://www.cert.org/advisories/ca-2001-25.html"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/206723"
},
{
"trust": 1.7,
"url": "ftp://patches.sgi.com/support/free/security/advisories/20011104-01-i"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7088"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/7088"
},
{
"trust": 0.3,
"url": "http://www.pgp.com/support/product-advisories/csmap.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#206723"
},
{
"db": "VULHUB",
"id": "VHN-4260"
},
{
"db": "BID",
"id": "3290"
},
{
"db": "NVD",
"id": "CVE-2001-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#206723"
},
{
"db": "VULHUB",
"id": "VHN-4260"
},
{
"db": "BID",
"id": "3290"
},
{
"db": "NVD",
"id": "CVE-2001-1456"
},
{
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#206723"
},
{
"date": "2001-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-4260"
},
{
"date": "2001-09-04T00:00:00",
"db": "BID",
"id": "3290"
},
{
"date": "2001-09-04T04:00:00",
"db": "NVD",
"id": "CVE-2001-1456"
},
{
"date": "2001-09-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-09-06T00:00:00",
"db": "CERT/CC",
"id": "VU#206723"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-4260"
},
{
"date": "2015-03-19T09:07:00",
"db": "BID",
"id": "3290"
},
{
"date": "2017-07-11T01:29:08.197000",
"db": "NVD",
"id": "CVE-2001-1456"
},
{
"date": "2006-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Network Associates CSMAP and smap/smapd vulnerable to buffer overflow thereby allowing arbitrary command execution",
"sources": [
{
"db": "CERT/CC",
"id": "VU#206723"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200109-005"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.