Package: shorewall
Version: 2.4.1-2
Severity: critical
Tags: security

A client accepted by MAC address filtering can bypass any other rule.

If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION is set to "ACCEPT" in /etc/shorewall/shorewall.conf (default is MACLIST_TTL=0 and MACLIST_DISPOSITION=REJECT), and a client is positively identified through its MAC address, it bypasses all other policies/rules in place, thus gaining access to all open services on the firewall.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.11
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages shorewall depends on:
ii  debconf     1.4.49       Debian configuration management sy
ii  iproute     20041019-3   Professional tools to control the
ii  iptables    1.2.11-10    Linux kernel 2.4+ iptables adminis

-- debconf information:
  shorewall/upgrade_20_22:
  shorewall/upgrade_14_20:
  shorewall/upgrade_to_14:
  shorewall/warnrfc1918:
* shorewall/dont_restart:
  shorewall/major_release: true
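
An added example, not part of the original report: a POSIX shell check that reads a shorewall.conf and flags the two settings the report names. It assumes the file uses plain NAME=value assignments with optional quotes and '#' comments; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original report.
# Assumption: shorewall.conf holds plain NAME=value shell assignments,
# optionally quoted, with '#' comments; the last assignment of a name wins.

# Print the effective value of variable $1 in file $2, or the default $3.
conf_value() {
    name=$1 file=$2 default=$3
    value=$(sed -n -e 's/[[:space:]]*#.*$//' \
                   -e "s/^[[:space:]]*${name}=//p" "$file" | tail -n 1 |
            sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' \
                -e "s/^'\(.*\)'\$/\1/")
    printf '%s\n' "${value:-$default}"
}

# Return 0 and print the finding when the file matches the condition in the
# report: MACLIST_TTL greater than 0, or MACLIST_DISPOSITION set to ACCEPT.
# The defaults used here (0 and REJECT) are the ones the report states.
maclist_exposed() {
    ttl=$(conf_value MACLIST_TTL "$1" 0)
    disp=$(conf_value MACLIST_DISPOSITION "$1" REJECT)
    rc=1
    case $ttl in
        *[!0-9]*)
            echo "MACLIST_TTL=$ttl is not a number; review by hand" >&2
            ;;
        *)
            if [ "$ttl" -gt 0 ]; then
                echo "MACLIST_TTL=$ttl (greater than 0)"
                rc=0
            fi
            ;;
    esac
    if [ "$disp" = ACCEPT ]; then
        echo "MACLIST_DISPOSITION=ACCEPT"
        rc=0
    fi
    return $rc
}

# Constructed sample configuration (not taken from the report).
sample=$(mktemp)
printf '%s\n' 'MACLIST_DISPOSITION=REJECT   # default' 'MACLIST_TTL="60"' >"$sample"
if maclist_exposed "$sample"; then
    echo "=> matches the configuration described in the report"
else
    echo "=> does not match the configuration described in the report"
fi
rm -f "$sample"
```

On a real host, call `maclist_exposed /etc/shorewall/shorewall.conf` and review the rules for MAC-verified hosts if it returns 0.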