Lucene search

Gentoo Security Advisory GLSA 200407-07 (Shorewall)

Gentoo Security Advisory for Shorewall updat

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Cvelist	CVE-2004-0647	13 Jul 200404:00	–	cvelist
Gentoo Linux	Shorewall : Insecure temp file handling	8 Jul 200400:00	–	gentoo
OpenVAS	Gentoo Security Advisory GLSA 200407-07 (Shorewall)	24 Sep 200800:00	–	openvas
Tenable Nessus	GLSA-200407-07 : Shorewall : Insecure temp file handling	30 Aug 200400:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : shorewall (MDKSA-2004:080)	22 Aug 200400:00	–	nessus
CVE	CVE-2004-0647	6 Aug 200404:00	–	cve
NVD	CVE-2004-0647	6 Aug 200404:00	–	nvd
Debian CVE	CVE-2004-0647	6 Aug 200404:00	–	debiancve

Source	Link
lists	www.lists.shorewall.net/pipermail/shorewall-announce/2004-June/000385.html
securityspace	www.securityspace.com/smysecure/catid.html
bugs	www.bugs.gentoo.org/show_bug.cgi

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.54614");
  script_cve_id("CVE-2004-0647");
  script_tag(name:"cvss_base", value:"4.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_version("2023-07-19T05:05:15+0000");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
  script_name("Gentoo Security Advisory GLSA 200407-07 (Shorewall)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Gentoo Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
  script_tag(name:"insight", value:"Shorewall contains a bug in the code handling the creation of temporary
files and directories. This can allow a non-root user to overwrite
arbitrary system files.");
  script_tag(name:"solution", value:"All users should upgrade to the latest available version of Shorewall, as
follows:

    # emerge sync

    # emerge -pv '>=net-firewall/shorewall-1.4.10f'
    # emerge '>=net-firewall/shorewall-1.4.10f'");

  script_xref(name:"URL", value:"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200407-07");
  script_xref(name:"URL", value:"http://bugs.gentoo.org/show_bug.cgi?id=55675");
  script_xref(name:"URL", value:"http://lists.shorewall.net/pipermail/shorewall-announce/2004-June/000385.html");
  script_tag(name:"summary", value:"The remote host is missing updates announced in
advisory GLSA 200407-07.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("pkg-lib-gentoo.inc");
include("revisions-lib.inc");

res = "";
report = "";
report = "";
if ((res = ispkgvuln(pkg:"net-firewall/shorewall", unaffected: make_list("ge 1.4.10f"), vulnerable: make_list("le 1.4.10c"))) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

24 Sep 2008 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS24.6

EPSS0.00068