TIS Internet Firewall Toolkit (FWTK) contains a flaw that allows a remote attacker to execute arbitrary code on the vulnerable system. The flaw is due to the pmsg() function in the x-gw package. If an attacker supplied malicious code, the sanity checks the function performs will not report the error only, instead it reports the error along with the malicious code which it executes.
It is possible to correct the flaw by implementing the following workaround: disallow login from untrusted user/hosts. "pre" (original advisory) has released a patch to address this vulnerability.