6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Firewall Builder is a GUI for easy management of multiple firewall platforms.
Two vulnerabilities in Firewall Builder allow the iptables and fwb_install scripts to use temporary files insecurely.
A local attacker could possibly overwrite arbitrary files with the privileges of the user running Firewall Builder.
There is no known workaround at this time.
All Firewall Builder users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/fwbuilder-3.0.7"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since March 09, 2010. It is likely that your system is already no longer affected by this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-firewall/fwbuilder | < 3.0.7 | UNKNOWN |