Vulnerabilities > CVE-2007-2837 - Unspecified vulnerability in Fireflier 1.1.6

047910
CVSS 3.6 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
debian
fireflier
nessus

Summary

The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.

Vulnerable Configurations

Part Description Count
OS
Debian
11
Application
Fireflier
1

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-1326.NASL
descriptionSteve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system.
last seen2020-06-01
modified2020-06-02
plugin id25638
published2007-07-02
reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/25638
titleDebian DSA-1326-1 : fireflier-server - insecure temporary files