NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers to bypass time-based packet filtering rules via certain out of period choices of packet transmission time.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nufw | Nufw | 2.2.3 (including) | 2.2.3 (including) |
| Nufw | Ubuntu | dapper | * |
| Nufw | Ubuntu | devel | * |
| Nufw | Ubuntu | edgy | * |
| Nufw | Ubuntu | feisty | * |
| Nufw | Ubuntu | gutsy | * |
| Nufw | Ubuntu | hardy | * |
| Nufw | Ubuntu | intrepid | * |
| Nufw | Ubuntu | jaunty | * |
| Nufw | Ubuntu | karmic | * |
| Nufw | Ubuntu | upstream | * |
References
- http://osvdb.org/39725
- http://secunia.com/advisories/26546
- http://www.nufw.org/+NuFW-2-2-4%2C201+.html
- http://www.securityfocus.com/bid/25379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36134
- http://osvdb.org/39725
- http://secunia.com/advisories/26546
- http://www.nufw.org/+NuFW-2-2-4%2C201+.html
- http://www.securityfocus.com/bid/25379
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36134