First published: Fri Dec 31 2004(Updated: )
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sophos Astaro Security Gateway | =4.017 | |
Sophos Astaro Security Gateway | =4.018 | |
Sophos Astaro Security Gateway | =4.019 | |
Sophos Astaro Security Gateway | =4.020 | |
Sophos Astaro Security Gateway | =4.021 | |
Sophos Astaro Security Gateway | =4.022 | |
Sophos Astaro Security Gateway | =4.023 | |
sophos Astaro Security Linux | <4.024 |
http://www.astaro.org/showflat.php?Cat=&Number=51459&page=0&view=collapsed&sb=5&o=&fpart=1#51459
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2004-2252 has been classified as a high-severity vulnerability due to its potential to allow remote attackers to gain system information.
To mitigate CVE-2004-2252, update Astaro Security Linux to a version that is greater than 4.024, as these versions have patched the vulnerability.
CVE-2004-2252 affects Astaro Security Linux versions 4.017 to 4.023.
CVE-2004-2252 makes it easier for attackers to obtain information about the system which could facilitate exploiting other vulnerabilities.
Yes, CVE-2004-2252 is a network-related vulnerability that involves the firewall’s handling of SYN-FIN packets.