The security hole, discovered about 10 days ago, occurs when Gauntlet is used with Mattel's Cyber Patrol software, according to Network Associates. The combination of the two applications causes a "buffer overflow vulnerability," which creates an entryway for cyberattacks on the network, the company said in its advisory.
The software patch to close the security hole was released May 22 by Network Associates and is available for downloading on the company's website. The patch supports Gauntlet for Unix Versions 4.2, 5.0 and 5.5. The patch also should be applied to Network Associates' WebShield 100 and 300 series products, which are combined hardware/software bundles that include the Gauntlet firewall.
Users of Gauntlet for Unix 4.1 are being advised that a patch isn't available for their software. Instead, Version 4.1 users have to apply a manual workaround procedure outlined on the Network Associates site.
The Cyber Patrol software is installed by default as part of the Gauntlet package, then is disabled after 30 days, according to SecurityFocus.com, a Web-based security clearinghouse that also reported the security hole. The security breaches are only possible within that 30-day window, the SecurityFocus.com report said.