This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200507-20
(Shorewall: Security policy bypass)
Shorewall fails to enforce security policies if configured with
'MACLIST_DISPOSITION' set to 'ACCEPT' or 'MACLIST_TTL' set to a value
greater or equal to 0.
A client authenticated by MAC address filtering could bypass all
security policies, possibly allowing him to gain access to restricted
services. The default installation has MACLIST_DISPOSITION=REJECT and
MACLIST_TTL=(blank) (equivalent to 0). This can be checked by looking
at the settings in /etc/shorewall/shorewall.conf
Set 'MACLIST_TTL' to '0' and 'MACLIST_DISPOSITION' to 'REJECT' in the
Shorewall configuration file (usually /etc/shorewall/shorewall.conf).
See also :
All Shorewall users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose net-firewall/shorewall
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 19282 (gentoo_GLSA-200507-20.nasl)
CVE ID: CVE-2005-2317
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.