• info
• discussion
• exploit
• solution
• references

Shorewall Insecure Temporary File Handling Symbolic Link Vulnerability

Solution:
The vendor has provided fixes for this issue.

Mandrake has released an advisory (MDKSA-2004:080) and fixes to address this issue. Please see the referenced advisory for further details regarding obtaining and applying appropriate fixes.

Gentoo has released an advisory (GLSA 200407-07) to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge sync
emerge -pv ">=net-firewall/shorewall-1.4.10f"
emerge ">=net-firewall/shorewall-1.4.10f"


Shorewall Shorewall 1.3.14

• Mandrake shorewall-1.3.14-3.1.91mdk.noarch.rpm
  Mandrake Linux 9.1 & 9.1/PPC
  http://www.mandrakesecure.net/en/ftp.php

Shorewall Shorewall 1.3.7 c

• Mandrake shorewall-1.3.7c-1.1.C21mdk.noarch.rpm
  Mandrake Corporate Server 2.1 & 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake shorewall-doc-1.3.7c-1.1.C21mdk.noarch.rpm
  Mandrake Corporate Server 2.1 & 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php

Shorewall Shorewall 1.4

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.1

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.10

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.2

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.3 a

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.3

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.4

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.5

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.6

• Mandrake shorewall-1.4.8-2.2.92mdk.noarch.rpm
  Mandrake Linux 9.2 & 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake shorewall-doc-1.4.8-2.2.92mdk.noarch.rpm
  Mandrake Linux 9.2 & 9.2/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.7

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.8

• Mandrake shorewall-2.0.1-3.2.100mdk.noarch.rpm
  Mandrake Linux 10.0 & 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake shorewall-doc-2.0.1-3.2.100mdk.noarch.rpm
  Mandrake Linux 10.0 & 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 1.4.9

• Shorewall shorewall-1.4.10f
  ftp://shorewall.net/pub/shorewall/shorewall-1.4.10f

Shorewall Shorewall 2.0

• Shorewall shorewall-2.0.3a
  ftp://shorewall.net/pub/shorewall/shorewall-2.0.3a

Shorewall Shorewall 2.0.1

• Shorewall shorewall-2.0.3a
  ftp://shorewall.net/pub/shorewall/shorewall-2.0.3a

Shorewall Shorewall 2.0.2

• Shorewall shorewall-2.0.3a
  ftp://shorewall.net/pub/shorewall/shorewall-2.0.3a

Shorewall Shorewall 2.0.3

• Shorewall shorewall-2.0.3a
  ftp://shorewall.net/pub/shorewall/shorewall-2.0.3a