drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Umgehung von Rechteprüfungen in Shorewall
Name: |
Umgehung von Rechteprüfungen in Shorewall |
|
ID: |
USN-197-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 4.10, Ubuntu 5.04 |
|
Datum: |
Mo, 10. Oktober 2005, 13:14 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2317 |
|
Applikationen: |
Shoreline Firewall |
|
Originalnachricht |
--===============0202501560== Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="fdj2RfSjLxBAspz7" Content-Disposition: inline
--fdj2RfSjLxBAspz7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
=========================================================== Ubuntu Security Notice USN-197-1 October 10, 2005 shorewall vulnerability CAN-2005-2317 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
shorewall
The problem can be corrected by upgrading the affected package to version 2.0.2-4ubuntu2.1 (for Ubuntu 4.10), or 2.0.13-1ubuntu0.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
A firewall bypass vulnerability has been found in shorewall. If MACLIST_TTL was set to a value greater than 0 or MACLIST_DISPOSITION was set to "ACCEPT" in /etc/shorewall/shorewall.conf, and a client was positively identified through its MAC address, that client bypassed all other policies/rules in place. This could allow external computers to get access to ports that are intended to be restricted by the firewall policy.
Please note that this does not affect the default configuration, which does not enable MAC based client identification.
Updated packages for Ubuntu 4.10:
Source archives:
shorewall_2.0.2-4ubuntu2.1.diff.gz Size/MD5: 29530 7188d2c0672607fc760df58561794b41 shorewall_2.0.2-4ubuntu2.1.dsc Size/MD5: 666 dba831fba43c9826df27f162f7b3e658 shorewall_2.0.2.orig.tar.gz Size/MD5: 104461 ea85fc5cab2d09bff04d368c3b20f3e1
Architecture independent packages:
shorewall_2.0.2-4ubuntu2.1_all.deb Size/MD5: 109346 67800229efa15b34335898eba9d4e736
Updated packages for Ubuntu 5.04:
Source archives:
shorewall_2.0.13-1ubuntu0.1.diff.gz Size/MD5: 31259 0ce979721e9d9bf3e912665ec696be60 shorewall_2.0.13-1ubuntu0.1.dsc Size/MD5: 677 81a0a178e75b7fdd07ce9d27a329a727 shorewall_2.0.13.orig.tar.gz Size/MD5: 104276 b3656ec857d55878b739d8f903de957d
Architecture independent packages:
shorewall_2.0.13-1ubuntu0.1_all.deb Size/MD5: 125950 2971b9d2ebfbf1bf3ee3dd7d26d9fff0
--fdj2RfSjLxBAspz7 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDSksODecnbV4Fd/IRAqdWAJ9vaFZdhzhtHPKBQnEjvCEhjW+QbwCgga9h cSiFyy2D2ZDoRId1MNpRWno= =eS1Q -----END PGP SIGNATURE-----
--fdj2RfSjLxBAspz7--
--===============0202501560== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============0202501560==--
|
|
|
|