Bug 190030 - net-firewall/nufw < 2.2.4 rule bypass (CVE-2007-4461)
Bug#: 190030 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: trivial Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: py@gentoo.org
Component: Vulnerabilities
URL:  http://secunia.com/advisories/26546/
Summary: net-firewall/nufw < 2.2.4 rule bypass (CVE-2007-4461)
Keywords:  
Status Whiteboard: ~4 [noglsa] p-y
Opened: 2007-08-24 11:38 0000
Description:
A security issue has been reported in NuFW, which can be exploited by malicious
people to bypass certain security restrictions.

The security issue is caused due to NuFW not correctly dropping packets with an
out of period arrival time, which can be exploited to bypass the filtering
rules.

The security issue is reported in versions 2.2.x up to but not including 2.2.4.

Solution:
Update to version 2.2.4.

------- Comment #1 From Pierre-Yves Rofes 2007-08-24 11:40:28 0000 -------
setting status / cc'ing. cedk, please bump as necessary.

------- Comment #2 From Cédric Krier 2007-08-24 18:43:25 0000 -------
Version bump to 2.2.4 in cvs
Need perhaps to mask the version 2.2.0?

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-08-24 19:40:00 0000 -------
Thx for the quick response cedk. Masking or purging would be nice but not
required.

------- Comment #4 From Cédric Krier 2007-08-24 20:46:10 0000 -------
Remove from cvs