* Florian Weimer <[EMAIL PROTECTED]>:

> * Martin Schulze:
>
> > What was the behaviour pre-sarge?
> > What is the behaviour post-sarge (or rather in sarge)?
>
> Do you mean "before and after the upstream security update"? The
> terms pre-sarge/post-sarge do not make much sense to me in this
> context, I'm afraid.
>
> > What do you think is the vulnerability?
>
> The vulnerability is that the firewall fails to enforce the security
> policy the user has configured.

Yes, that is the problem. You expect that a certain kind of traffic is blocked, but in fact it isn't.

> [...]
> Here's a draft, in case you want to upload a fixed package.
>
> (Note that I have yet to test Lorenzo's new package.)
>
> --------------------------------------------------------------------------
> Debian Security Advisory DSA ???-1                    [EMAIL PROTECTED]
> http://www.debian.org/security/
> September ???, 2005                    http://www.debian.org/security/faq
> --------------------------------------------------------------------------
>
> Package        : shorewall
> Vulnerability  : programming error
> Problem-Type   : remote
> Debian-specific: no
> CVE ID         : CAN-2005-????
> Debian Bug     : 318946
>
> Supernaut noticed that shorewall could generate an iptables
> configuration which is significantly more permissive than the rule set
> given in the shorewall configuration.
> [...]

I think it perfectly explains the issue.

-- 
lorenzo