Vulnerability Assessment & Network Security Forums
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.
Vulnerability Assessment Details
Shorewall: Security policy bypass
Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200507-20
(Shorewall: Security policy bypass)
Shorewall fails to enforce security policies if configured with
"MACLIST_DISPOSITION" set to "ACCEPT" or "MACLIST_TTL" set to a value
greater or equal to 0.
A client authenticated by MAC address filtering could bypass all
security policies, possibly permiting him to gain access to restricted
Set "MACLIST_TTL" to "0" and "MACLIST_DISPOSITION" to "REJECT" in
the Shorewall configuration file (usually
All Shorewall users should upgrade to the latest available
# emerge --sync
# emerge --ask --oneshot --verbose net-firewall/shorewall
Network Security Threat Level: Low
Networks Security ID:
Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
|CISCO 15454-M-100G-LC-C 100G OTU-4 ITU-T CP-DQPSK FULL C
|Cisco ASA 5510 Firewall with ASA Cisco ASA-SSM-10 AS-IS see note_
|Cisco AIR-LAP1252AG-A-K9 Aironet 1252 802.11A/G/N Lightweight WAP Access Point
|Cisco IP Phone Stand for SPA500S Expansion Module. STAND ONLY.
No Discussions have been posted on this vulnerability.