Описание
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper or change firewall settings.
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
4.4 Medium
CVSS2
Связанные уязвимости
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass ...
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
ELSA-2016-2597: firewalld security, bug fix, and enhancement update (MODERATE)
EPSS
6.1 Medium
CVSS3
4.4 Medium
CVSS2