vulnerability
Oracle Linux: CVE-2016-5410: ELSA-2016-2597: firewalld security, bug fix, and enhancement update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:S/C:N/I:P/A:C) | Aug 16, 2016 | Nov 9, 2016 | Nov 29, 2024 |
Severity
5
CVSS
(AV:L/AC:L/Au:S/C:N/I:P/A:C)
Published
Aug 16, 2016
Added
Nov 9, 2016
Modified
Nov 29, 2024
Description
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper or change firewall settings.
A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper or change firewall settings.
Solution(s)
oracle-linux-upgrade-firewall-appletoracle-linux-upgrade-firewall-configoracle-linux-upgrade-firewalldoracle-linux-upgrade-firewalld-filesystemoracle-linux-upgrade-python-firewall
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.