Lucene search

[email protected]CVE-2005-2317

HistoryJul 19, 2005 - 4:00 a.m.

CVE-2005-2317

2005-07-1904:00:00

[email protected]

web.nvd.nist.gov

shorewall

maclist_ttl

maclist_disposition

remote bypass

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.3 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.6%

JSON

Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before 2.0.17, when MACLIST_TTL is greater than 0 or MACLIST_DISPOSITION is set to ACCEPT, allows remote attackers with an accepted MAC address to bypass other firewall rules or policies.

Affected configurations

NVD

Node

shorewallshorewallMatch2.0.0

shorewallshorewallMatch2.0.0a

shorewallshorewallMatch2.0.0b

shorewallshorewallMatch2.0.1

shorewallshorewallMatch2.0.2

shorewallshorewallMatch2.0.2a

shorewallshorewallMatch2.0.2b

shorewallshorewallMatch2.0.2c

shorewallshorewallMatch2.0.2d

shorewallshorewallMatch2.0.2e

shorewallshorewallMatch2.0.2f

shorewallshorewallMatch2.0.3

shorewallshorewallMatch2.0.3a

shorewallshorewallMatch2.0.3b

shorewallshorewallMatch2.0.3c

shorewallshorewallMatch2.0.4

shorewallshorewallMatch2.0.5

shorewallshorewallMatch2.0.6

shorewallshorewallMatch2.0.7

shorewallshorewallMatch2.0.8

shorewallshorewallMatch2.0.9

shorewallshorewallMatch2.0.10

shorewallshorewallMatch2.0.11

shorewallshorewallMatch2.0.12

shorewallshorewallMatch2.0.13

shorewallshorewallMatch2.0.14

shorewallshorewallMatch2.0.15

shorewallshorewallMatch2.0.16

shorewallshorewallMatch2.2.0

shorewallshorewallMatch2.2.1

shorewallshorewallMatch2.2.2

shorewallshorewallMatch2.2.3

shorewallshorewallMatch2.2.4

shorewallshorewallMatch2.4.0

shorewallshorewallMatch2.4.0_rc1

shorewallshorewallMatch2.4.0_rc2

CPENameOperatorVersion
shorewall:shorewallshorewalleq2.0.0
shorewall:shorewallshorewalleq2.0.0a
shorewall:shorewallshorewalleq2.0.0b
shorewall:shorewallshorewalleq2.0.1
shorewall:shorewallshorewalleq2.0.2
shorewall:shorewallshorewalleq2.0.2a
shorewall:shorewallshorewalleq2.0.2b
shorewall:shorewallshorewalleq2.0.2c
shorewall:shorewallshorewalleq2.0.2d
shorewall:shorewallshorewalleq2.0.2e

CPE	Name	Operator	Version
shorewall:shorewall	shorewall	eq	2.0.0
shorewall:shorewall	shorewall	eq	2.0.0a
shorewall:shorewall	shorewall	eq	2.0.0b
shorewall:shorewall	shorewall	eq	2.0.1
shorewall:shorewall	shorewall	eq	2.0.2
shorewall:shorewall	shorewall	eq	2.0.2a
shorewall:shorewall	shorewall	eq	2.0.2b
shorewall:shorewall	shorewall	eq	2.0.2c
shorewall:shorewall	shorewall	eq	2.0.2d
shorewall:shorewall	shorewall	eq	2.0.2e