Lucene search

Gentoo FoundationGLSA-200502-01

HistoryFeb 01, 2005 - 12:00 a.m.

FireHOL: Insecure temporary file creation

2005-02-0100:00:00

Gentoo Foundation

security.gentoo.org

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Background

FireHOL is an iptables rules generator.

Description

FireHOL insecurely creates temporary files with predictable names.

Impact

A local attacker could create malicious symbolic links to arbitrary system files. When FireHOL is executed, this could lead to these files being overwritten with the rights of the user launching FireHOL, usually the root user.

Workaround

There is no known workaround at this time.

Resolution

All FireHOL users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-firewall/firehol-1.224"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-firewall/firehol< 1.224UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	net-firewall/firehol	< 1.224	UNKNOWN

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for GLSA-200502-01