PT-2017-14132 · SUSE · SuSEfirewall2
Published: 2017-11-02 · Updated: 2019-10-03
CVE-2017-15638
CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Name of the Vulnerable Software and Affected Versions
SuSEfirewall2 versions prior to 3.6.312-2.13.1 in SUSE Linux Enterprise Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2
SuSEfirewall2 versions prior to 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3
SuSEfirewall2 versions prior to 3.6 SVNr208-2.18.3.1 in SLE Server 11 SP4
SuSEfirewall2 versions prior to 3.6.312-5.9.1 in openSUSE Leap 42.2
SuSEfirewall2 versions prior to 3.6.312.333-7.1 in openSUSE Leap 42.3
Description
The issue might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source network restriction for RPC services.
Recommendations
For SuSEfirewall2 versions prior to 3.6.312-2.13.1 in SUSE Linux Enterprise Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2, update to version 3.6.312-2.13.1 or later.
For SuSEfirewall2 versions prior to 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3, update to version 3.6.312.333-3.10.1 or later.
For SuSEfirewall2 versions prior to 3.6 SVNr208-2.18.3.1 in SLE Server 11 SP4, update to version 3.6 SVNr208-2.18.3.1 or later.
For SuSEfirewall2 versions prior to 3.6.312-5.9.1 in openSUSE Leap 42.2, update to version 3.6.312-5.9.1 or later.
For SuSEfirewall2 versions prior to 3.6.312.333-7.1 in openSUSE Leap 42.3, update to version 3.6.312.333-7.1 or later.
Affected Products
SLE Desktop
SLE Server
SUSE Linux Enterprise Desktop
SUSE Linux Enterprise Server
SuSEfirewall2
SUSE
openSUSE Leap