CVE-2007-4461: bypass filtering due to out of period transmission time

Related Vulnerabilities: CVE-2007-4461  

Debian Bug report logs - #439227

Package: nufw; Maintainer for nufw is Pierre Chifflier <pollux@debian.org>; Source for nufw is src:nufw.

Reported by: Thijs Kinkhorst <thijs@debian.org>

Date: Thu, 23 Aug 2007 12:30:03 UTC

Severity: serious

Tags: security

Fixed in version nufw/2.2.4-1

Done: Pierre Chifflier <p.chifflier@inl.fr>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Pierre Chifflier <pollux@debian.org>:
Bug#439227; Package nufw.


Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
New Bug report received and forwarded. Copy sent to Pierre Chifflier <pollux@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2007-4461: bypass filtering due to out of period transmission time
Date: Thu, 23 Aug 2007 14:29:23 +0200
Package: nufw
Severity: serious
Tags: security

Hi,

A security issue has been reported against your package nufw:
> NuFW 2.2.3, and certain other versions after 2.0, allows remote attackers
> to bypass time-based packet filtering rules via certain "out of period"
> choices of packet transmission time.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4461
It seems the new upstream 2.2.4 fixes this.

Please mention the CVE id in the changelog when fixing this.
Also please check whether stable is vulnerable and coordinate 
with the security team.


Thanks,
Thijs

Reply sent to Pierre Chifflier <p.chifflier@inl.fr>:
You have taken responsibility.


Notification sent to Thijs Kinkhorst <thijs@debian.org>:
Bug acknowledged by developer.


Message #10 received at 439227-done@bugs.debian.org:

From: Pierre Chifflier <p.chifflier@inl.fr>
To: 439227-done@bugs.debian.org
Subject: Re: Bug#439227: CVE-2007-4461: bypass filtering due to out of period transmission time
Date: Thu, 23 Aug 2007 16:53:58 +0200
Package: nufw
Version: 2.2.4-1

Stable is not vulnerable, and the fixed version was uploaded to unstable
before the CVE was created (.changes attached).

Thanks,
Pierre
[nufw_2.2.4-1_amd64.changes (text/plain, attachment)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 25 Sep 2007 07:30:49 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:18:31 2019; Machine Name: buxtehude
