
Astaro Response: Vulnerabilities in Astaro Security Linux 2.016


Date: Wed, 6 Feb 2002 20:43:28 +0100
From: Markus Hennig <[email protected]>
To: [email protected]
Subject: Astaro Response: Vulnerabilities in Astaro Security Linux 2.016

Hi,

thank you for the testing, we will fix the relevant issues in
Up2Date 2.021, which will be out really soon.
All Astaro users please note that some of the mentioned issues are
pretty theoretical and none of them contain any remote vulnerabilities.

Best Regards,
Markus

> -----Original Message-----
> From: Jörg Lübbert [mailto:[email protected]]
> Sent: Saturday, February 02, 2002 7:40 PM
> To: [email protected]
> Subject: Vulnerabilities in Astaro Security Linux 2.016
>
>
> Preamble:
>
> Product: Astaro Security Linux
>
> Version: 2.016
>
> Vendor: Astaro AG
>
> Vendor URL: http://www.astaro.com
>
> Vendor status and reply: Vendor has been contacted with posting of this
> message
>
> Description:
> Astaro develops and distributes the firewall solution Astaro Security
> Linux. Astaro Security Linux offers extensive protection for local
> networks against hackers, viruses and other risks of connecting to the
> Internet. Astaro Security Linux is distributed by a worldwide network of
> partners who offer local support regarding installation and maintenance.
>
> Introduction:
> Dear BugTraq readers. I've taken a short glimpse on Astaro Security
> Linux and found out some points of interest that are mostly design
> flaws. Please note that I am theorising (based on a 1 1/2 hour research
> only) about the impacts and have not proven their concepts on Astaro
> Security Linux yet even though most can be proved easily.
>
> Some of the vulnerabilities might be local and some might argue about
> that Astaro Security Linux is a Firewall and no server... but as it uses
> SSHD it could always be that the "loginuser" account might have been
> compromised and shell access granted.
>
>
>
> Vulnerabilities:
>
> Summary:
> 5 Design flaws
> 2 Completely theorised design flaws
> 1 Possible design flaw
> 1 Licensing violation
> 1 Software bug
>
>
>
> Category 1: Design flaw
>
