security advisoryupdatedebian
Due to use ofcertain improper filtering rules, traffic arriving on the externalinterface addressed for an internal host would be forwarded,regardless of whether it was associated with an establishedconnection.. - -------------------------------------------------------------------------- Debian Security Advisory DSA 389-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Matt Zimmerman September 20th, 2003 Debian -- Debian security FAQ - -------------------------------------------------------------------------- Package : ipmasq Vulnerability : insecure packet filtering rules Problem-Type : remote Debian-specific: no CVE Ids : CAN-2003-0785 ipmasq is a package which simplifies configuration of Linux IP masquerading, a form of network address translation which allows a number of hosts to share a single public IP address. Due to use of certain improper filtering rules, traffic arriving on the external interface addressed for an internal host would be forwarded, regardless of whether it was associated with an established connection. This vulnerability could be exploited by an attacker capable of forwarding IP traffic with an arbitrary destination address to the external interface of a system with ipmasq installed. For the current stable distribution (woody) this problem has been fixed in version 3.5.10c. For the unstable distribution (sid) this problem has been fixed in version 3.5.12. We recommend that you update your ipmasq package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 aliaswoody - -------------------------------- Source archives: Size/MD5 checksum: 502 f5f259d819d47b687c3da42d931b1404 Size/MD5 checksum: 30656 e9a9a1f86bd88dcceaeba900698165bb Architecture independent components: Size/MD5 checksum: 47748 199a747d5c48c145cf34772f26cbba4d These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb Debian -- Security Information stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show ' and https://www.debian.org/distrib/packages -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/bM7qArxCt0PiXR4RArtIAJ9HhBf5J7Om4cU7hBwxRYUvJJ1mywCg10nu tzhzzArT1gq7C2Um9L0yljY=4/vt -----END PGP SIGNATURE----- . Fortify your system's defenses by updating the iptables package on your Ubuntu machine, mitigating risks in traffic management settings for superior protection.. Debian Update, Ipmasq Security, Packet Filtering Fix, Network Security. . Severity: Important. LinuxSecurity.com Team
Sep 20, 2003
•Important
Debian
Refine advisories
