CVE-2009-4664

high

Description

Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/53392

https://bugzilla.redhat.com/show_bug.cgi?id=524588

http://www.vupen.com/english/advisories/2010/0389

http://www.securityfocus.com/bid/36468

http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7

http://secunia.com/advisories/36809

http://osvdb.org/58247

http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html

http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html

Details

Source: Mitre, NVD

Published: 2010-03-03

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00038

Detections

Analytics