Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

[GLSA-200507-20] Shorewall: Security policy bypass

Vulnerability Assessment Summary
Shorewall: Security policy bypass

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200507-20
(Shorewall: Security policy bypass)


Shorewall fails to enforce security policies if configured with
"MACLIST_DISPOSITION" set to "ACCEPT" or "MACLIST_TTL" set to a value
greater than or equal to 0.

Impact

A client authenticated by MAC address filtering could bypass all
security policies, possibly permitting the client to gain access to
restricted services.

Workaround

Set "MACLIST_TTL" to "0" and "MACLIST_DISPOSITION" to "REJECT" in
the Shorewall configuration file (usually
/etc/shorewall/shorewall.conf).
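
A check for the workaround above, as an added example (not part of the original advisory or of Shorewall). It assumes shorewall.conf uses shell-style KEY=value lines where the last assignment wins; the function names are hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: verify that a Shorewall config matches the GLSA-200507-20
# workaround (MACLIST_TTL=0 and MACLIST_DISPOSITION=REJECT).
# Assumption: the file holds shell-style KEY=value lines, last assignment wins.

# conf_value FILE KEY: print the effective value of KEY, with any trailing
# comment and surrounding quotes removed. Commented-out lines are ignored.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_maclist_workaround FILE: return 0 if both settings match the
# workaround, 1 if either differs or is unset, 2 if FILE is unreadable.
check_maclist_workaround() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0
    ttl=$(conf_value "$conf" MACLIST_TTL)
    disp=$(conf_value "$conf" MACLIST_DISPOSITION)
    if [ "$ttl" != "0" ]; then
        echo "MACLIST_TTL='$ttl' (workaround value: 0)"
        rc=1
    fi
    if [ "$disp" != "REJECT" ]; then
        echo "MACLIST_DISPOSITION='$disp' (workaround value: REJECT)"
        rc=1
    fi
    return $rc
}

# Constructed sample config for demonstration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# MAC verification settings
MACLIST_DISPOSITION=ACCEPT   # lets MAC-verified clients through
MACLIST_TTL=60
EOF
check_maclist_workaround "$sample" || echo "=> does not match the workaround"
rm -f "$sample"
```

To audit a host, call `check_maclist_workaround /etc/shorewall/shorewall.conf`; exit status 0 means both settings match the workaround.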

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2317
http://www.shorewall.net/News.htm#20050717


Solution:
All Shorewall users should upgrade to the latest available
version:
# emerge --sync
# emerge --ask --oneshot --verbose net-firewall/shorewall


Network Security Threat Level: Low


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi


