CVE-2016-5410
published 2017-04-19CVE-2016-5410: firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2)…
medium5.5CVSS 3.0
AVLACLPRLUINSUCNIHAN
firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firewalld | < firewalld 0.4.3.3-1 (bookworm) | firewalld 0.4.3.3-1 (bookworm) |
| firewalld | firewalld | <= 0.4.3.2 | — |
| firewalld | firewalld | >= 0 < 0.4.3.3-1 | 0.4.3.3-1 |
| firewalld | firewalld | >= 0 < 0.4.3.3-1 | 0.4.3.3-1 |
| firewalld | firewalld | >= 0 < 0.4.3.3-1 | 0.4.3.3-1 |
| firewalld | firewalld | >= 0 < 0.4.3.3-1 | 0.4.3.3-1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
CVSS provenance
nvdv3.05.5MEDIUMCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
osv5.5MEDIUM