[Shorewall-users] URGENT: Shorewall Security Vulnerability
Tom Eastep
teastep at shorewall.net
Mon Jun 28 13:02:24 PDT 2004
Javier Fernández-Sanguino Peña has discovered an exploitable
vulnerability in the way that Shorewall handles temporary files and
directories. The vulnerability can allow a non-root user to cause
arbitrary files on the system to be overwritten. LEAF Bering and Bering
uClibc users are generally not at risk due to the fact that LEAF boxes
do not typically allow logins by non-root users.
For 2.0 users, the problem is corrected in version 2.0.3a:
http://shorewall.net/pub/shorewall/shorewall-2.0.3a
ftp://shorewall.net/pub/shorewall/shorewall-2.0.3a
For 1.4 users, the correct version is:
http://shorewall.net/pub/shorewall/shorewall-1.4.10f
ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f
I would appreciate immediate feedback on the 1.4.10f version; given that
I don't have any 1.4 systems remaining, I couldn't fully test that code.
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep at shorewall.net
More information about the Shorewall-users
mailing list