Mandrake Linux Security Advisory : shorewall (MDKSA-2005:123)

high Nessus Plugin ID 19267

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability was discovered in all versions of shorewall where a client accepted by MAC address filtering is able to bypass any other rule. If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION is set to ACCEPT in shorewall.conf, and a client is positively identified through its MAC address, it bypasses all other policies and rules in place, gaining access to all open services on the firewall.

Shorewall 2.0.17 is provided which fixes this issue.

Solution

Update the affected shorewall and / or shorewall-doc packages.

See Also

http://shorewall.net/News.htm#20050717

Plugin Details

Severity: High

ID: 19267

File Name: mandrake_MDKSA-2005-123.nasl

Version: 1.18

Type: local

Published: 7/21/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:shorewall, cpe:/o:mandrakesoft:mandrake_linux:10.0, p-cpe:/a:mandriva:linux:shorewall-doc, cpe:/o:mandrakesoft:mandrake_linux:10.1, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 7/20/2005

Reference Information

CVE: CVE-2005-2317

MDKSA: 2005:123