GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Jan 23, 2012 10:26 pm Post subject: [ GLSA 201201-11 ] Firewall Builder: Privilege escalation |
|
|
Gentoo Linux Security Advisory
Title: Firewall Builder: Privilege escalation (GLSA 201201-11)
Severity: normal
Exploitable: local
Date: January 23, 2012
Bug(s): #235809, #285861
ID: 201201-11
Synopsis
Insecure temporary file usage in Firewall Builder could allow
attackers to overwrite arbitrary files.
Background
Firewall Builder is a GUI for easy management of multiple firewall
platforms.
Affected Packages
Package: net-firewall/fwbuilder
Vulnerable: < 3.0.7
Unaffected: >= 3.0.7
Architectures: All supported architectures
Description
Two vulnerabilities in Firewall Builder allow the iptables and
fwb_install scripts to use temporary files insecurely.
Impact
A local attacker could possibly overwrite arbitrary files with the
privileges of the user running Firewall Builder.
Workaround
There is no known workaround at this time.
Resolution
All Firewall Builder users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7"
| NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since March 09, 2010. It is likely that your system is already
no longer affected by this issue.
References
CVE-2008-4956
CVE-2009-4664 |
|