ID CVE-2005-2317
Summary Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies.
References
Vulnerable Configurations
  • cpe:2.3:a:shorewall:shorewall:2.0.0
    cpe:2.3:a:shorewall:shorewall:2.0.0
  • cpe:2.3:a:shorewall:shorewall:2.0.0a
    cpe:2.3:a:shorewall:shorewall:2.0.0a
  • cpe:2.3:a:shorewall:shorewall:2.0.0b
    cpe:2.3:a:shorewall:shorewall:2.0.0b
  • cpe:2.3:a:shorewall:shorewall:2.0.1
    cpe:2.3:a:shorewall:shorewall:2.0.1
  • cpe:2.3:a:shorewall:shorewall:2.0.10
    cpe:2.3:a:shorewall:shorewall:2.0.10
  • cpe:2.3:a:shorewall:shorewall:2.0.11
    cpe:2.3:a:shorewall:shorewall:2.0.11
  • cpe:2.3:a:shorewall:shorewall:2.0.12
    cpe:2.3:a:shorewall:shorewall:2.0.12
  • cpe:2.3:a:shorewall:shorewall:2.0.13
    cpe:2.3:a:shorewall:shorewall:2.0.13
  • cpe:2.3:a:shorewall:shorewall:2.0.14
    cpe:2.3:a:shorewall:shorewall:2.0.14
  • cpe:2.3:a:shorewall:shorewall:2.0.15
    cpe:2.3:a:shorewall:shorewall:2.0.15
  • cpe:2.3:a:shorewall:shorewall:2.0.16
    cpe:2.3:a:shorewall:shorewall:2.0.16
  • cpe:2.3:a:shorewall:shorewall:2.0.2
    cpe:2.3:a:shorewall:shorewall:2.0.2
  • cpe:2.3:a:shorewall:shorewall:2.0.2a
    cpe:2.3:a:shorewall:shorewall:2.0.2a
  • cpe:2.3:a:shorewall:shorewall:2.0.2b
    cpe:2.3:a:shorewall:shorewall:2.0.2b
  • cpe:2.3:a:shorewall:shorewall:2.0.2c
    cpe:2.3:a:shorewall:shorewall:2.0.2c
  • cpe:2.3:a:shorewall:shorewall:2.0.2d
    cpe:2.3:a:shorewall:shorewall:2.0.2d
  • cpe:2.3:a:shorewall:shorewall:2.0.2e
    cpe:2.3:a:shorewall:shorewall:2.0.2e
  • cpe:2.3:a:shorewall:shorewall:2.0.2f
    cpe:2.3:a:shorewall:shorewall:2.0.2f
  • cpe:2.3:a:shorewall:shorewall:2.0.3
    cpe:2.3:a:shorewall:shorewall:2.0.3
  • cpe:2.3:a:shorewall:shorewall:2.0.3a
    cpe:2.3:a:shorewall:shorewall:2.0.3a
  • cpe:2.3:a:shorewall:shorewall:2.0.3b
    cpe:2.3:a:shorewall:shorewall:2.0.3b
  • cpe:2.3:a:shorewall:shorewall:2.0.3c
    cpe:2.3:a:shorewall:shorewall:2.0.3c
  • cpe:2.3:a:shorewall:shorewall:2.0.4
    cpe:2.3:a:shorewall:shorewall:2.0.4
  • cpe:2.3:a:shorewall:shorewall:2.0.5
    cpe:2.3:a:shorewall:shorewall:2.0.5
  • cpe:2.3:a:shorewall:shorewall:2.0.6
    cpe:2.3:a:shorewall:shorewall:2.0.6
  • cpe:2.3:a:shorewall:shorewall:2.0.7
    cpe:2.3:a:shorewall:shorewall:2.0.7
  • cpe:2.3:a:shorewall:shorewall:2.0.8
    cpe:2.3:a:shorewall:shorewall:2.0.8
  • cpe:2.3:a:shorewall:shorewall:2.0.9
    cpe:2.3:a:shorewall:shorewall:2.0.9
  • cpe:2.3:a:shorewall:shorewall:2.2.0
    cpe:2.3:a:shorewall:shorewall:2.2.0
  • cpe:2.3:a:shorewall:shorewall:2.2.1
    cpe:2.3:a:shorewall:shorewall:2.2.1
  • cpe:2.3:a:shorewall:shorewall:2.2.2
    cpe:2.3:a:shorewall:shorewall:2.2.2
  • cpe:2.3:a:shorewall:shorewall:2.2.3
    cpe:2.3:a:shorewall:shorewall:2.2.3
  • cpe:2.3:a:shorewall:shorewall:2.2.4
    cpe:2.3:a:shorewall:shorewall:2.2.4
  • cpe:2.3:a:shorewall:shorewall:2.4.0
    cpe:2.3:a:shorewall:shorewall:2.4.0
  • cpe:2.3:a:shorewall:shorewall:2.4.0_rc1
    cpe:2.3:a:shorewall:shorewall:2.4.0_rc1
  • cpe:2.3:a:shorewall:shorewall:2.4.0_rc2
    cpe:2.3:a:shorewall:shorewall:2.4.0_rc2
CVSS
Base: 7.5 (as of 20-07-2005 - 09:27)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-849.NASL
    description 'Supernaut' noticed that shorewall, the Shoreline Firewall, could generate an iptables configuration which is significantly more permissive than the rule set given in the shorewall configuration, if MAC verification are used in a non-default manner. When MACLIST_DISPOSITION is set to ACCEPT in the shorewall.conf file, all packets from hosts which fail the MAC verification pass through the firewall, without further checks. When MACLIST_TTL is set to a non-zero value, packets from hosts which pass the MAC verification pass through the firewall, again without further checks.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19957
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19957
    title Debian DSA-849-1 : shorewall - programming error
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200507-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200507-20 (Shorewall: Security policy bypass) Shorewall fails to enforce security policies if configured with 'MACLIST_DISPOSITION' set to 'ACCEPT' or 'MACLIST_TTL' set to a value greater or equal to 0. Impact : A client authenticated by MAC address filtering could bypass all security policies, possibly allowing him to gain access to restricted services. The default installation has MACLIST_DISPOSITION=REJECT and MACLIST_TTL=(blank) (equivalent to 0). This can be checked by looking at the settings in /etc/shorewall/shorewall.conf Workaround : Set 'MACLIST_TTL' to '0' and 'MACLIST_DISPOSITION' to 'REJECT' in the Shorewall configuration file (usually /etc/shorewall/shorewall.conf).
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 19282
    published 2005-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19282
    title GLSA-200507-20 : Shorewall: Security policy bypass
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-197-1.NASL
    description A firewall bypass vulnerability has been found in shorewall. If MACLIST_TTL was set to a value greater than 0 or MACLIST_DISPOSITION was set to 'ACCEPT' in /etc/shorewall/shorewall.conf, and a client was positively identified through its MAC address, that client bypassed all other policies/rules in place. This could allow external computers to get access to ports that are intended to be restricted by the firewall policy. Please note that this does not affect the default configuration, which does not enable MAC based client identification. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20611
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20611
    title Ubuntu 4.10 / 5.04 : shorewall vulnerability (USN-197-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-123.NASL
    description A vulnerability was discovered in all versions of shorewall where a client accepted by MAC address filtering is able to bypass any other rule. If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION is set to ACCEPT in shorewall.conf, and a client is positively identified through its MAC address, it bypasses all other policies and rules in place, gaining access to all open services on the firewall. Shorewall 2.0.17 is provided which fixes this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19267
    published 2005-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19267
    title Mandrake Linux Security Advisory : shorewall (MDKSA-2005:123)
refmap via4
bid 14292
confirm http://shorewall.net/News.htm#20050717
debian DSA-849
fulldisc 20050718 Shorewall MACLIST Problem
gentoo GLSA-200507-20
secunia
  • 16087
  • 17110
  • 17113
ubuntu USN-197-1
Last major update 05-09-2008 - 16:51
Published 19-07-2005 - 00:00
Back to Top