Debian Security Advisory DSA 1326-1 (fireflier-server) Network Vulnerability

Summary

The remote host is missing an update to fireflier-server announced via advisory DSA 1326-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201326-1

Insight

Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitary files from the local system. For the old stable distribution (sarge) this problem has been fixed in version 1.1.5-1sarge1. For the stable distribution (etch) this problem has been fixed in version 1.1.6-3etch1. For the unstable distribution (sid) this problem will be fixed shortly. We recommend that you upgrade your fireflier-server package.

Severity

Classification

CVE CVE-2007-2837
CVSS Base Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 048-1 (cfingerd)
Debian Security Advisory DSA 1078-1 (tiff)
Debian Security Advisory DSA 2840-1 (srtp - buffer overflow)
Debian Security Advisory DSA 1130-1 (sitebar)
Debian Security Advisory DSA 1169-1 (mysql-dfsg-4.1)

Take action and discover your vulnerabilities