Bugtraq mailing list archives
Astaro Response: Vulnerabilities in Astaro Security Linux 2.016
From: "Markus Hennig" <mhennig () astaro com>
Date: Wed, 6 Feb 2002 20:43:28 +0100

Hi,

thank you for the testing, we will fix the relevant issues in Up2Date 2.021, which will be out really soon.

All Astaro users please note that some of the mentioned issues are pretty theoretical and none of them contain any remote vulnerabilities.

Best Regards,
Markus

-----Original Message-----
From: Jörg Lübbert [mailto:Joerg.Luebbert () t-online de]
Sent: Saturday, February 02, 2002 7:40 PM
To: bugtraq () securityfocus com
Subject: Vulnerabilities in Astaro Security Linux 2.016

Preamble:

Product: Astaro Security Linux
Version: 2.016
Vendor: Astaro AG
Vendor URL: http://www.astaro.com
Vendor status and reply: Vendor has been contacted with posting of this message

Description:

Astaro develops and distributes the firewall solution Astaro Security Linux. Astaro Security Linux offers extensive protection for local networks against hackers, viruses and other risks of connecting to the Internet. Astaro Security Linux is distributed by a worldwide network of partners who offer local support regarding installation and maintenance.

Introduction:

Dear BugTraq readers. I've taken a short glimpse at Astaro Security Linux and found out some points of interest that are mostly design flaws. Please note that I am theorising (based on a 1 1/2 hour research only) about the impacts and have not proven their concepts on Astaro Security Linux yet even though most can be proved easily. Some of the vulnerabilities might be local and some might argue that Astaro Security Linux is a Firewall and no server... but as it uses SSHD it could always be that the "loginuser" account might have been compromised and shell access granted.

Vulnerabilities:

Summary:
5 Design flaws
2 Completely theorised design flaws
1 Possible design flaw
1 Licensing violation
1 Software bug

Category 1: Design flaw