Mandrake Linux Security Advisory : shorewall (MDKSA-2005:123)
High Nessus Plugin ID 19267
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionA vulnerability was discovered in all versions of shorewall where a client accepted by MAC address filtering is able to bypass any other rule. If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION is set to ACCEPT in shorewall.conf, and a client is positively identified through its MAC address, it bypasses all other policies and rules in place, gaining access to all open services on the firewall.
Shorewall 2.0.17 is provided which fixes this issue.
SolutionUpdate the affected shorewall and / or shorewall-doc packages.