Package: fiaif
Version: 1.20.0-2
Severity: critical
Tags: security
Justification: root security hole

Facts:
FIAIF with 3 zones
zone.tun zone.int zone.ext

zone.tun is used for a tun device
zone.int is for the internal lan
zone.ext is for the internet

zone.int settings:
SNAT[0]="EXT ALL 192.168.0.0/27=>0.0.0.0/0"

zone.tun settings:
SNAT[0]="EXT ALL 0.0.0.0/0=>0.0.0.0/0"

What should happen?
Any computer of the tun zone should be natted to the ext one.
A computer in range 192.168.0.0/27 in the int zone should be natted.

With those settings, any computer in any zone gets natted to ext.
It seems to me to be a *big* security problem.

Laurent

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-a7n
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages fiaif depends on:
hi  bash                   3.0-15         The GNU Bourne Again SHell
ii  coreutils              5.2.1-2.1      The GNU core utilities
ii  cron                   3.0pl1-92      management of regular background p
ii  debconf [debconf-2.0]  1.4.66         Debian configuration management sy
ii  debianutils            2.15.2         Miscellaneous utilities specific t
ii  dnsutils               1:9.3.1-2.0.1  Clients provided with BIND
ii  grep                   2.5.1.ds2-4    GNU grep, egrep and fgrep
ii  iptables               1.3.3-2        Linux kernel 2.4+ iptables adminis
ii  logtail                1.2.42         Print log file lines that have not
ii  net-tools              1.60-17        The NET-3 networking toolkit
ii  sed                    4.1.4-5        The GNU sed stream editor
ii  wget                   1.10.1-1       retrieves files from the web

fiaif recommends no packages.

-- debconf information:
  fiaif/cron_logfile:
* fiaif/warning:
* fiaif/enable_cron: false
* fiaif/enable_initd: true
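
The expectation stated in the report above, modelled as an added example (not part of the original message and not FIAIF code). It assumes each SNAT string reads `<target zone> <protocol> <source>=><destination>` and that a rule should apply only to traffic entering from the zone whose file defines it; the unscoped mode is a hypothetical model of the reported behaviour, and the sample packets are constructed.

```python
import ipaddress

# Zone settings copied from the report; the field meaning
# ("<target zone> <protocol> <source>=><destination>") is an assumption.
ZONE_SNAT = {
    "int": ["EXT ALL 192.168.0.0/27=>0.0.0.0/0"],
    "tun": ["EXT ALL 0.0.0.0/0=>0.0.0.0/0"],
    "ext": [],
}

def parse_snat(rule):
    """Split one SNAT string into (target zone, protocol, source net, destination net)."""
    target, proto, nets = rule.split()
    src, dst = nets.split("=>")
    return target.lower(), proto, ipaddress.ip_network(src), ipaddress.ip_network(dst)

def natted(in_zone, src_ip, dst_ip, zone_scoped):
    """Return True if a packet entering via in_zone would be source-NATed.

    zone_scoped=True  -> a rule applies only to traffic from the zone that
                         defines it (the behaviour the reporter expects).
    zone_scoped=False -> a rule matches on addresses alone (hypothetical
                         model of the reported behaviour).
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for zone, rules in ZONE_SNAT.items():
        if zone_scoped and zone != in_zone:
            continue
        for rule in rules:
            _, _, src_net, dst_net = parse_snat(rule)
            if src in src_net and dst in dst_net:
                return True
    return False

def unintended_nat(packets):
    """List packets that are NATed only when rules are not scoped to their zone."""
    return [p for p in packets
            if natted(*p, zone_scoped=False) and not natted(*p, zone_scoped=True)]

# Constructed sample packets: (ingress zone, source address, destination address).
PACKETS = [
    ("tun", "10.8.0.2", "198.51.100.7"),      # tun host: NAT expected
    ("int", "192.168.0.5", "198.51.100.7"),   # inside 192.168.0.0/27: NAT expected
    ("int", "192.168.0.40", "198.51.100.7"),  # outside the /27: NAT not expected
]

if __name__ == "__main__":
    for pkt in unintended_nat(PACKETS):
        print("unintended NAT:", pkt)
```

The same packet list can serve as a regression check against a test firewall: every entry returned by `unintended_nat` is a flow that must leave the ext interface with its original source address.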