CVE-2009-4664 - Vulnerability Details - OpenCVE

Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fwbuilder	Firewall Builder
Linux	Linux Kernel

Configuration 1 [-]

AND

OR	cpe:2.3:a:fwbuilder:firewall_builder:3.0.4:::::::*
	cpe:2.3:a:fwbuilder:firewall_builder:3.0.5:::::::*
	cpe:2.3:a:fwbuilder:firewall_builder:3.0.6:::::::*

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html
http://osvdb.org/58247
http://secunia.com/advisories/36809
http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
http://www.securityfocus.com/bid/36468
http://www.vupen.com/english/advisories/2010/0389
https://bugzilla.redhat.com/show_bug.cgi?id=524588
https://exchange.xforce.ibmcloud.com/vulnerabilities/53392
https://nvd.nist.gov/vuln/detail/CVE-2009-4664
https://www.cve.org/CVERecord?id=CVE-2009-4664

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-03-03T20:00:00

Updated: 2024-08-07T07:08:38.000Z

Reserved: 2010-03-03T00:00:00

Link: CVE-2009-4664

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-03-03T20:30:00.650

Modified: 2024-11-21T01:10:10.177

Link: CVE-2009-4664

Redhat

Severity : Moderate

Publid Date: 2009-09-18T00:00:00Z

Links: CVE-2009-4664 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2010-0157", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"}, {"name": "36809", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/36809"}, {"name": "58247", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/58247"}, {"name": "firewallbuilder-temp-symlink(53392)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"}, {"name": "36468", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/36468"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"}, {"name": "ADV-2010-0389", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0389"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2010-0157", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"}, {"name": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html", "refsource": "CONFIRM", "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=524588", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"}, {"name": "36809", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36809"}, {"name": "58247", "refsource": "OSVDB", "url": "http://osvdb.org/58247"}, {"name": "firewallbuilder-temp-symlink(53392)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"}, {"name": "36468", "refsource": "BID", "url": "http://www.securityfocus.com/bid/36468"}, {"name": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7", "refsource": "CONFIRM", "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"}, {"name": "ADV-2010-0389", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0389"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:08:38.000Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2010-0157", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"}, {"name": "36809", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/36809"}, {"name": "58247", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/58247"}, {"name": "firewallbuilder-temp-symlink(53392)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"}, {"name": "36468", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/36468"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"}, {"name": "ADV-2010-0389", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0389"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4664", "datePublished": "2010-03-03T20:00:00", "dateReserved": "2010-03-03T00:00:00", "dateUpdated": "2024-08-07T07:08:38.000Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FCA0E55C-59B4-4F95-A32A-19926086DA62", "vulnerable": true}, {"criteria": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FA2B9082-8241-4466-91F0-E3E63EBEC0A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:fwbuilder:firewall_builder:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "4DFB6F34-3BCE-4C34-8403-6EAB356F8141", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, allows local users to gain privileges via a symlink attack on an unspecified temporary file that is created by the iptables script."}, {"lang": "es", "value": "Firewall Builder v3.0.4, v3.0.5, y v3.0.6, cuando se ejecuta sobre linux, permite a usuarios locales obtener privilegios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un archivo temporal no especificado que es creado por la secuencia de comandos del iptables."}], "id": "CVE-2009-4664", "lastModified": "2024-11-21T01:10:10.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-03-03T20:30:00.650", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"}, {"source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/58247"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36809"}, {"source": "cve@mitre.org", "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/36468"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0389"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://blog.fwbuilder.org/2009/09/firewall-builder-v307-released.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035112.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/58247"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/36809"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36468"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/0389"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=524588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53392"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}