Computer Security
[EN] securityvulns.ru no-pyccku


fireflier-server firewall configuration tool symbolic links vulnerability
Published:02.07.2007
Source:
SecurityVulns ID:7879
Type:local
Threat Level:
5/10
Description:Symbolic links vulnerability on temporary files creation.
Affected:FIREFLIERT : fireflier 1.1
CVE:CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.)
Original documentdocumentDEBIAN, [Full-disclosure] [SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files (02.07.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod