
firewalld: authentication bypass

Package(s): firewalld
CVE #(s): CVE-2016-5410
Created: August 22, 2016
Updated: January 30, 2017
Description: From the Red Hat bugzilla entry:

FirewallD provides a dbus api for modification of configuration after the user has been authenticated via polkit. This does not apply for 5 methods which can be called by any logged-in user using the dbus api or the firewall-cmd cli interface. Any predefined policy can be used, server or desktop. List of concerned dbus methods in firewalld.py: addPassthrough, removePassthrough, addEntry, removeEntry, and setEntries. Any locally logged-in user could use the above firewalld commands to tamper with or change the firewall settings.
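The flaw class described above (methods exported over D-Bus without a polkit check) can be audited statically. The following is an added example, not code from firewalld or from the bugzilla entry: it parses Python source and reports exported methods that carry no authorization decorator. The decorator names and the sample service are assumptions made for illustration.

```python
import ast

# Constructed sample: a service whose methods are exported over D-Bus.
# Class, interface and decorator names here are hypothetical.
SAMPLE = '''
class ExampleService:
    @require_auth("org.example.config")
    @dbus_service_method("org.example", in_signature="s")
    def addService(self, name): pass

    @dbus_service_method("org.example.direct", in_signature="sas")
    def addPassthrough(self, ipv, args): pass

    @dbus_service_method("org.example.ipset", in_signature="ss")
    def addEntry(self, ipset, entry): pass

    @dbus_service_method("org.example", in_signature="")
    def queryStatus(self): pass
'''

# Assumed decorator names; adjust to the code base being audited.
EXPORT_DECORATORS = {"dbus_service_method", "method"}
AUTH_DECORATORS = {"require_auth"}
# Methods the advisory lists as callable without authentication.
ADVISORY_METHODS = {"addPassthrough", "removePassthrough",
                    "addEntry", "removeEntry", "setEntries"}

def decorator_name(node):
    """Final identifier of a decorator, e.g. a.b.c(...) -> 'c'."""
    if isinstance(node, ast.Call):
        node = node.func
    return getattr(node, "attr", None) or getattr(node, "id", None)

def unauthenticated_exports(source):
    """Names of exported methods that have no authorization decorator."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef):
            names = {decorator_name(d) for d in node.decorator_list}
            if names & EXPORT_DECORATORS and not names & AUTH_DECORATORS:
                findings.append(node.name)
    return sorted(findings)

def triage(source):
    """Split findings into advisory-listed methods and others needing review."""
    found = unauthenticated_exports(source)
    return ([m for m in found if m in ADVISORY_METHODS],
            [m for m in found if m not in ADVISORY_METHODS])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The second list is for manual review: a read-only getter may be exported without authentication on purpose, while any method that changes state should not be.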

Alerts:
Oracle ELSA-2016-2597 firewalld 2016-11-10
Red Hat RHSA-2016:2597-02 firewalld 2016-11-03
Fedora FEDORA-2016-de55d2c2c9 firewalld 2016-08-19
Gentoo 201701-70 firewalld 2017-01-29
Scientific Linux SLSA-2016:2597-2 firewalld 2016-12-14



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds