BID:12336

FireHOL Insecure Local Temporary File Creation Vulnerability

Info

FireHOL Insecure Local Temporary File Creation Vulnerability

Bugtraq ID:	12336
Class:	Design Error
CVE:
Remote:	No
Local:	Yes
Published:	Jan 24 2005 12:00AM
Updated:	Jan 24 2005 12:00AM
Credit:	Discovery is credited to Sam Couter.
Vulnerable:	FireHOL FireHOL 1.224 FireHOL FireHOL 1.214

Not Vulnerable:	FireHOL FireHOL 1.226

Discussion

FireHOL Insecure Local Temporary File Creation Vulnerability

FireHOL is prone to a local insecure temporary file creation vulnerability. This could allow arbitrary files to be overwritten.

Exploit / POC

FireHOL Insecure Local Temporary File Creation Vulnerability

No exploit is required.

Solution / Fix

FireHOL Insecure Local Temporary File Creation Vulnerability

Solution:
The vendor has released FireHOL 1.226 to address this issue.

Gentoo has released advisory GLSA 200502-01 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their systems:

emerge --sync
emerge --ask --oneshot --verbose ">=net-firewall/firehol-1.224"

FireHOL FireHOL 1.214

FireHOL firehol-1.226.tar.bz2
http://prdownloads.sourceforge.net/firehol/firehol-1.226.tar.bz2?downl oad

References

FireHOL Insecure Local Temporary File Creation Vulnerability

References:

Home Page (FireHOL)