Astaro Response: Vulnerabilities in Astaro Security Linux 2.016

["Markus Hennig" <mhennig () astaro com>]

Hi,

thankyou for the testing, we will fix the relevant issues in 
Up2Date 2.021, which will be out really soon. 
All Astaro  users please note, that some of the mentioned issues are 
pretty theoretical and none of them contain any remote vulnerabilities.
 
Best Regards,
Markus

> -----Original Message-----
> From: Jörg Lübbert [mailto:Joerg.Luebbert () t-online de]
> Sent: Saturday, February 02, 2002 7:40 PM
> To: bugtraq () securityfocus com
> Subject: Vulnerabilities in Astaro Security Linux 2.016
>
>
> Preamble:
>
> Product: Astaro Security Linux
>
> Version: 2.016
>
> Vendor: Astaro AG
>
> Vendor URL: http://www.astaro.com
>
> Vendor status and reply: Vendor has been contacted with 
> posting of this 
> message
>
> Description:
> Astaro develops and distributes the firewall solution Astaro Security 
> Linux. Astaro Security Linux offers extensive protection for local 
> networks against hackers, viruses and other risks of 
> connecting to the 
> Internet. Astaro Security Linux is distributed by a worldwide 
> network of 
> partners who offer local support regarding installation and 
> maintenance.
>
> Introduction:
> Dear BugTraq readers. I've taken a short glimpse on Astaro Security 
> Linux and found out some points of interest that are mostly design 
> flaws. Please note that I am theorising (based on a 1 1/2 
> hour research 
> only) about the impacts and have not proven their concepts on Astaro 
> Security Linux yet even though most can be proved easily.
>
> Some of the vulnerabilities might be local and some might argue about 
> that Astaro Security Linux is a Firewall and no server... but 
> as it uses 
> SSHD it could always be that the "loginuser" account might have been 
> compromised and shell access granted.
>
>
>
> Vulnerabilities:
>
> Summary:
> 5 Design flaws
> 2 Completely theorised design flaws
> 1 Possible design flaw
> 1 Licensing violation
> 1 Software bug
>
>
>
> Category 1: Design flaw