Vulnerabilities > CVE-2007-2837 - Unspecified vulnerability in Fireflier 1.1.6
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN fireflier
nessus
Summary
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 11 | |
| Application | 1 |
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DSA-1326.NASL |
| description | Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 25638 |
| published | 2007-07-02 |
| reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/25638 |
| title | Debian DSA-1326-1 : fireflier-server - insecure temporary files |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431332
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=431332
- http://osvdb.org/37803
- http://osvdb.org/37803
- http://secunia.com/advisories/25900
- http://secunia.com/advisories/25900
- http://secunia.com/advisories/25913
- http://secunia.com/advisories/25913
- http://www.debian.org/security/2007/dsa-1326
- http://www.debian.org/security/2007/dsa-1326
- http://www.securityfocus.com/bid/24718
- http://www.securityfocus.com/bid/24718
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35226
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35226