Oracle Linux: CVE-2016-5410: ELSA-2016-2597: firewalld security, bug fix, and enhancement update (MODERATE)

Severity: 5
CVSS: (AV:L/AC:L/Au:S/C:N/I:P/A:C)
Published: 2016-08-16
Added: 2016-11-09
Modified: 2024-11-29

Description

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged-in user could use this flaw to tamper with or change firewall settings.

Solution(s)

oracle-linux-upgrade-firewall-applet
oracle-linux-upgrade-firewall-config
oracle-linux-upgrade-firewalld
oracle-linux-upgrade-firewalld-filesystem
oracle-linux-upgrade-python-firewall