Title: TIS Firewall Toolkit Format String Vulnerability
Severity: MODERATE
Description:
A vulnerability exists in a component of TIS Firewall Toolkit, a set of utilities which assists in the implementation of network firewalls.
The x-gw (X-Windows Gateway) component of FWTK contains a format string bug which, depending on the method used to invoke x-gw, can permit an attacker to execute arbitrary code.
When x-gw is directed to connect to a given X Windows display, the name of the desired display is supplied by the user either as a command line parameter or as an environment variable.
If this input fails validity checks, an error message is displayed which includes the invalid user-supplied input. A format bug in the pmsg() function (x-gw/pmsg.c) used to display this message can permit maliciously-formed input to overwrite stack variables, such as the calling function's return address, with arbitrary values that can alter the program's flow of execution.
Note that if If x-gw is invoked with the telnet gateway component (tn-gw), certain checks on user input will eliminate this vulnerability. However, systems using other methods to start x-gw may be vulnerable, and should be carefully checked.
Affected Products:
- TIS Internet Firewall Toolkit 2.1.0
References:
- TIS: Firewall Toolkit Homepage
- geekgang: geekgang homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
