Title: Debian Linux Mason Init.d Firewall Loading Failure Vulnerability
Severity: HIGH
Description:
Mason is a Linux based firewall application to facilitate automatic creation of ipfwadm or ipchains firewall rules.
The Debian Linux Mason package is prone to an issue that may cause the firewall not to load at system startup. A startup script is missing from the installation package which performs the required startup function.
The associated 'init.d' startup script is not included in the affected distribution of this application. As a result, the firewall is not started up after a reboot of the affected computer. This could create a false sense of security as the expecte
A remote attacker may exploit this configuration error by connecting to ports that would otherwise be remotely unavailable. This could expose the computer to exploitation of latent vulnerabilities in services that are expected to be firewalled, especially if the computer is directly connected to the Internet.
Affected Products:
- Debian Linux 3.1.0
- Debian Linux 3.1.0 alpha
- Debian Linux 3.1.0 amd64
- Debian Linux 3.1.0 arm
- Debian Linux 3.1.0 hppa
- Debian Linux 3.1.0 ia-32
- Debian Linux 3.1.0 ia-64
- Debian Linux 3.1.0 m68k
- Debian Linux 3.1.0 mips
- Debian Linux 3.1.0 mipsel
- Debian Linux 3.1.0 ppc
- Debian Linux 3.1.0 s/390
- Debian Linux 3.1.0 sparc
- Debian mason 0.13.0 .92
References:
- Debian: Debian Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
