LinuxSecurity.com: Vulnerabilities (and Possible GPL Violations) in Astaro Security Linux

"Astaro develops and distributes the firewall solution Astaro Security Linux. Astaro Security Linux offers extensive protection for local networks against hackers, viruses and other risks of connecting to the Internet. Astaro Security Linux is distributed by a worldwide network of partners who offer local support regarding installation and maintenance.

Introduction:

Dear BugTraq readers. I've taken a short glimpse on Astaro Security Linux and found out some points of interest that are mostly design flaws. Please note that I am theorising (based on a 1 1/2 hour research only) about the impacts and have not proven their concepts on Astaro Security Linux yet even though most can be proved easily.

Some of the vulnerabilities might be local and some might argue about that Astaro Security Linux is a Firewall and no server... but as it uses SSHD it could always be that the "loginuser" account might have been compromised and shell access granted."

Complete Story