5 matches found
CVE-2007-2837
The 1 getRule and 2 getChains functions in server/rules.cpp in fireflierd fireflier-server in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file...
CVE-2007-2837
The CVE-2007-2837 issue affects FireFlier 1.1.6 (fireflier-server). The getRule and getChains functions in server/rules.cpp allow local users to exploit an unsafe temporary file handling (symlink to /tmp/fireflier.rules) to overwrite arbitrary files. The Debian advisory DSA-1326-1 documents the f...
Debian DSA-1326-1 : fireflier-server - insecure temporary files
Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitrary files from the local system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
[Full-disclosure] [SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1326 [email protected] http://www.debian.org/security/ Steve Kemp July 01, 2007 -...
[SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files
------------------------------------------------------------------------ Debian Security Advisory DSA-1326 [email protected] http://www.debian.org/security/ Steve Kemp July 01, 2007 - ------------------------------------------------------------------------ Package : fireflier-server...