Re: FWTK x-gw Security Advisory [GSA2000-01]

[Rick Murphy <rmurphy () ITM-INST COM>]

There's a short solution for this problem -
Don't allow anyone other than administrator to log in to your firewall
directly.
Or, don't run x-gw setuid.

If either of the above is true, the bug can't be exploited. I'd like to
think there's nobody out there running x-gw setuid root. (You're supposed
to TURN OFF the setuid bits of unnecessary programs, not grant root
permission to programs that don't need it.) However, if you're running that
way, chmod 555 x-gw and you're safe.
What complicates this is that x-gw could possibly be set up by someone to
run by a daemon or program that's setuid root and which fails to drop
privileges before it forks x-gw.
The patch will be published on the www.fwtk.org web site for distribution.
I'd be interested if anyone is actually vulnerable to this; send me private
mail.
        -Rick