shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file.
Software | From | Fixed in |
---|---|---|
shorewall / shorewall | 1.4 | 1.4.x |
shorewall / shorewall | 1.4.1 | 1.4.1.x |
shorewall / shorewall | 1.4.10 | 1.4.10.x |
shorewall / shorewall | 1.4.2 | 1.4.2.x |
shorewall / shorewall | 1.4.3 | 1.4.3.x |
shorewall / shorewall | 1.4.3a | 1.4.3a.x |
shorewall / shorewall | 1.4.4 | 1.4.4.x |
shorewall / shorewall | 1.4.5 | 1.4.5.x |
shorewall / shorewall | 1.4.6 | 1.4.6.x |
shorewall / shorewall | 1.4.7 | 1.4.7.x |
shorewall / shorewall | 1.4.8 | 1.4.8.x |
shorewall / shorewall | 1.4.9 | 1.4.9.x |
shorewall / shorewall | 2.0 | 2.0.x |
shorewall / shorewall | 2.0.1 | 2.0.1.x |
shorewall / shorewall | 2.0.2 | 2.0.2.x |
shorewall / shorewall | 2.0.3 | 2.0.3.x |