Advisories

Mandriva Advisories

Package name shorewall Date July 20th, 2005 Advisory ID MDKSA-2005:123 Affected versions 10.0, 10.1, CS3.0, MNF2.0, 10.2 Synopsis Updated shorewall packages fix vulnerability

Problem Description

A vulnerability was discovered in all versions of shorewall where a
client accepted by MAC address filtering is able to bypass any other
rule. If MACLIST_TTL is set to a value greater than 0 or
MACLIST_DISPOSITION is set to ACCEPT in shorewall.conf, and a client
is positively identified through its MAC address, it bypasses all other
policies and rules in place, gaining access to all open services on the
firewall.

Shorewall 2.0.17 is provided which fixes this issue.

Updated Packages

Mandrakelinux 10.0

 c79cc264cd137ff9b43453ad118f86d8  10.0/RPMS/shorewall-2.0.17-1.1.100mdk.noarch.rpm
2dc01e35a2f4e9c06978b89a0c500fd7  10.0/RPMS/shorewall-doc-2.0.17-1.1.100mdk.noarch.rpm
ecbadb7b380e1fe28446e42459f8f866  10.0/SRPMS/shorewall-2.0.17-1.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64

 382209c91385b210f98af3757eb57ca0  amd64/10.0/RPMS/shorewall-2.0.17-1.1.100mdk.noarch.rpm
867db86742b343bfe793d90e5ca3bb25  amd64/10.0/RPMS/shorewall-doc-2.0.17-1.1.100mdk.noarch.rpm
ecbadb7b380e1fe28446e42459f8f866  amd64/10.0/SRPMS/shorewall-2.0.17-1.1.100mdk.src.rpm

Mandrakelinux 10.1

 52c9528635ecb77dd2926ff034e3da49  10.1/RPMS/shorewall-2.0.17-1.1.101mdk.noarch.rpm
2bd3af575e109773eb9e4a22b961f14f  10.1/RPMS/shorewall-doc-2.0.17-1.1.101mdk.noarch.rpm
af84aa6c42f562ba53663d9ba5d103d5  10.1/SRPMS/shorewall-2.0.17-1.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 ffe670f9812013f46f7c7ac3c62e7457  x86_64/10.1/RPMS/shorewall-2.0.17-1.1.101mdk.noarch.rpm
26871efc7e8d853d033f02258f849d95  x86_64/10.1/RPMS/shorewall-doc-2.0.17-1.1.101mdk.noarch.rpm
af84aa6c42f562ba53663d9ba5d103d5  x86_64/10.1/SRPMS/shorewall-2.0.17-1.1.101mdk.src.rpm

Corporate Server 3.0

 d40a41fe04b08d36e56c77586d19f5f0  corporate/3.0/RPMS/shorewall-2.0.17-1.1.C30mdk.noarch.rpm
dea5d0cd79767a5275ab60540b8e1958  corporate/3.0/RPMS/shorewall-doc-2.0.17-1.1.C30mdk.noarch.rpm
60fa0503a50cc1e13e624e1f4b8d0504  corporate/3.0/SRPMS/shorewall-2.0.17-1.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 f851108f517370ff74b13a7837728257  x86_64/corporate/3.0/RPMS/shorewall-2.0.17-1.1.C30mdk.noarch.rpm
611704186851b67d28cdf27c8995d90d  x86_64/corporate/3.0/RPMS/shorewall-doc-2.0.17-1.1.C30mdk.noarch.rpm
60fa0503a50cc1e13e624e1f4b8d0504  x86_64/corporate/3.0/SRPMS/shorewall-2.0.17-1.1.C30mdk.src.rpm

Multi Network Firewall 2.0

 27d2a34beb323bc074793ce1c040c26a  mnf/2.0/RPMS/shorewall-2.0.17-1.1.M20mdk.noarch.rpm
6c5984b6bbe0cc07e368a197abfa6a12  mnf/2.0/RPMS/shorewall-doc-2.0.17-1.1.M20mdk.noarch.rpm
1dad701e2f3ef45a082dbca1662af127  mnf/2.0/SRPMS/shorewall-2.0.17-1.1.M20mdk.src.rpm

Mandriva Linux LE2005

 68358bdb82da0346d962639b8e34bd3b  10.2/RPMS/shorewall-2.0.17-1.1.102mdk.noarch.rpm
82cc68acf5f6433a376cd655af383bf5  10.2/RPMS/shorewall-doc-2.0.17-1.1.102mdk.noarch.rpm
616436e7fee5da63d8a23e690c6f4592  10.2/SRPMS/shorewall-2.0.17-1.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 8491649c643b10489a66c00a16e4bbd7  x86_64/10.2/RPMS/shorewall-2.0.17-1.1.102mdk.noarch.rpm
e4c204d6c6d1a8c24ecdf2bdb5a41e56  x86_64/10.2/RPMS/shorewall-doc-2.0.17-1.1.102mdk.noarch.rpm
616436e7fee5da63d8a23e690c6f4592  x86_64/10.2/SRPMS/shorewall-2.0.17-1.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2317
http://shorewall.net/News.htm#20050717

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm
                

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.