GLSA-200507-20 : Shorewall: Security policy bypass

high Nessus Plugin ID 19282

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200507-20 (Shorewall: Security policy bypass)

Shorewall fails to enforce security policies if configured with 'MACLIST_DISPOSITION' set to 'ACCEPT' or 'MACLIST_TTL' set to a value greater or equal to 0.
Impact :

A client authenticated by MAC address filtering could bypass all security policies, possibly allowing him to gain access to restricted services. The default installation has MACLIST_DISPOSITION=REJECT and MACLIST_TTL=(blank) (equivalent to 0). This can be checked by looking at the settings in /etc/shorewall/shorewall.conf Workaround :

Set 'MACLIST_TTL' to '0' and 'MACLIST_DISPOSITION' to 'REJECT' in the Shorewall configuration file (usually /etc/shorewall/shorewall.conf).

Solution

All Shorewall users should upgrade to the latest available version:
# emerge --sync # emerge --ask --oneshot --verbose net-firewall/shorewall

See Also

http://www.shorewall.net/News.htm#20050717

https://security.gentoo.org/glsa/200507-20

Plugin Details

Severity: High

ID: 19282

File Name: gentoo_GLSA-200507-20.nasl

Version: 1.16

Type: local

Published: 7/22/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:shorewall, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 7/22/2005

Vulnerability Publication Date: 7/17/2005

Reference Information

CVE: CVE-2005-2317

GLSA: 200507-20