Description
Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies.
Product(s):
- Shorewall 2.0.0
- Shorewall 2.0.0a
- Shorewall 2.0.0b
- Shorewall 2.0.10
- Shorewall 2.0.11
- Shorewall 2.0.12
- Shorewall 2.0.13
- Shorewall 2.0.14
- Shorewall 2.0.15
- Shorewall 2.0.16
- Shorewall 2.0.1
- Shorewall 2.0.2
- Shorewall 2.0.2a
- Shorewall 2.0.2b
- Shorewall 2.0.2c
- Shorewall 2.0.2d
- Shorewall 2.0.2e
- Shorewall 2.0.2f
- Shorewall 2.0.3
- Shorewall 2.0.3a
- Shorewall 2.0.3b
- Shorewall 2.0.3c
- Shorewall 2.0.4
- Shorewall 2.0.5
- Shorewall 2.0.6
- Shorewall 2.0.7
- Shorewall 2.0.8
- Shorewall 2.0.9
- Shorewall 2.2.0
- Shorewall 2.2.1
- Shorewall 2.2.2
- Shorewall 2.2.3
- Shorewall 2.2.4
- Shorewall 2.4.0
- Shorewall 2.4.0 RC1
- Shorewall 2.4.0 RC2
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-2317, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-2317 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.