Vulnerabilities > CVE-2007-2837 - Unspecified vulnerability in Fireflier 1.1.6
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 11 | |
Application | 1 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1326.NASL |
description | Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25638 |
published | 2007-07-02 |
reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25638 |
title | Debian DSA-1326-1 : fireflier-server - insecure temporary files |