Bug 261507 - <net-firewall/arno-iptables-firewall-1.9.0b Insecure Restart Security Issue
Summary: <net-firewall/arno-iptables-firewall-1.9.0b Insecure Restart Security Issue
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://secunia.com/advisories/34116/
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-07 00:01 UTC by Robert Buchholz (RETIRED)
Modified: 2009-07-03 16:28 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Attachments
updated ebuild to version 1.9.0b (arno-iptables-firewall-1.9.0b.ebuild,2.53 KB, text/plain)
2009-04-16 11:31 UTC, Johannes Kellner
updated ebuild to version 1.9.0b (arno-iptables-firewall-1.9.0b.ebuild,2.39 KB, text/plain)
2009-04-24 08:11 UTC, Johannes Kellner
updated ebuild to version 1.9.2a (arno-iptables-firewall-1.9.2a.ebuild,2.39 KB, text/plain)
2009-06-17 11:11 UTC, Johannes Kellner

Description Robert Buchholz (RETIRED) gentoo-dev 2009-03-07 00:01:08 UTC
Secunia wrote:
A security issue has been reported in Arno's IPTables Firewall, which
can be exploited by malicious people to bypass certain security
restrictions.

The security issue is caused due to an error while restarting the
firewall and can be exploited to send normally restricted network
packets to an affected system.

The security issue is reported in versions prior to 1.9.0b.

SOLUTION:
Update to version 1.9.0b.

PROVIDED AND/OR DISCOVERED BY:
Reported by Lonnie Abelbeck via the project's mailing list.

ORIGINAL ADVISORY:
http://rocky.eld.leidenuniv.nl/pipermail/firewall/2009-February/001046.html
http://rocky.eld.leidenuniv.nl/iptables-firewall/devel/1.9/CHANGELOG
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-03-07 00:02:06 UTC
This is maintainer-wanted. Either someone bumps it or we'll wipe it out.
Comment 2 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-04-14 00:21:58 UTC
Candidate for maintainer-ship. New releases exist.

# Jeremy Olexa <darkside@gentoo.org> (14 Apr 2009)
# Masked for removal in 60 days. Security issues that warrant removal.
# Non-vulnerable version exist, just needs a maintainer. bug 261507
net-firewall/arno-iptables-firewall
Comment 3 Johannes Kellner 2009-04-16 11:31:03 UTC
Created attachment 188550
updated ebuild to version 1.9.0b

This is my first ebuild, so please check for mistakes!
Comment 4 Ryan Hill (RETIRED) gentoo-dev 2009-04-17 17:07:25 UTC
(In reply to comment #3)
> Created an attachment (id=188550)
> updated ebuild to version 1.9.0b
> 
> This is my first ebuild, so please check for mistakes!
> 

> KEYWORDS="amd64 x86"

~amd64 ~x86


> DEPEND="sys-apps/sed"
> RDEPEND="${DEPEND}
>    >=net-firewall/iptables-1.2.5
>    sys-apps/gawk
>    sys-apps/net-tools
>    sys-apps/coreutils
>    virtual/modutils
>    sys-process/procps
>    app-arch/gzip"

No need to specify things in @system (/usr/portage/profiles/base/packages), so that gives us:

RDEPEND=">=net-firewall/iptables-1.2.5"
DEPEND=${RDEPEND}


Other than that, it looks good.
Comment 5 Johannes Kellner 2009-04-24 08:11:30 UTC
Created attachment 189297
updated ebuild to version 1.9.0b
Comment 6 Johannes Kellner 2009-06-17 11:11:45 UTC
Created attachment 194981
updated ebuild to version 1.9.2a

Update to the recent version.
Comment 7 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-07-03 15:51:24 UTC
security: only non-vuln versions exist in the tree. Your bug.

Thanks Johannes for the ebuild!
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2009-07-03 16:28:20 UTC
great, thanks. closing noglsa.