Description
Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html
Vendor Advisory x_refsource_confirm
http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=524588
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36809
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/58247
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53392
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36468
Various Sources x_refsource_confirm
http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0389
Scores
EPSS
0.0036
EPSS Percentile
27.3%
Details
CWE
CWE-59
Status
published
Products (3)
fwbuilder/firewall_builder
3.0.4
fwbuilder/firewall_builder
3.0.5
fwbuilder/firewall_builder
3.0.6
Published
Mar 03, 2010
Tracked Since
Feb 18, 2026