Info

Disclosure

Jan 24, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

FireHOL contains a flaw that may allow a malicious user to overwrite arbitrary files on the system. The issue is due to various temporary files being created insecurely. It is possible that the flaw may allow an attacker to use symlink attacks to overwrite arbitrary files on the system with the privileges of the user running the script, resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Race Condition
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.224 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Costa Tsaousis

FireHOL

1.214

References

Security Tracker: 1012969
Secunia Advisory ID: 13970 14102
CVE ID: 2005-0225 (see also: NVD)
Vendor URL: http://firehol.sourceforge.net/
Vendor Specific Advisory URL: http://security.gentoo.org/glsa/glsa-200502-01.xml

Credit

Sam Couter -

Direct URL: http://osvdb.org/13137