Firewall Builder Privilege Escalation Vulnerability (Linux) Network Vulnerability

Summary

The host is running Firewall Builder and is prone to Privilege Escalation vulnerability.

Impact

Successful exploitation will allow local users to perform certain actions with escalated privileges. Impact Level: Application

Solution

Update to version 3.0.7 For updates refer to http://www.fwbuilder.org/

Insight

The flaw is due to the application generating scripts, which are using temporary files in an insecure manner. This can be exploited to overwrite arbitrary files via symlink attack.

Affected

Firewall Builder versions 3.0.4 to 3.0.6 on Linux.

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html
http://osvdb.org/58247
http://secunia.com/advisories/36809
http://xforce.iss.net/xforce/xfdb/53392

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4664
CVSS Base Score: 3.3
AV:L/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Fortinet Fortigate console management detection
CPE-based Policy Check
FTPShell Server Version Detection
Check for supported SSL Ciphers
Get Windows Eventlog Entries over WMI

Take action and discover your vulnerabilities