Summary
The remote host is missing an update to fireflier-server announced via advisory DSA 1326-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201326-1
Insight
Steve Kemp from the Debian Security Audit project discovered that fireflier-server, an interactive firewall rule creation tool, uses temporary files in an unsafe manner which may be exploited to remove arbitary files from the local system.
For the old stable distribution (sarge) this problem has been fixed in version 1.1.5-1sarge1.
For the stable distribution (etch) this problem has been fixed in version 1.1.6-3etch1.
For the unstable distribution (sid) this problem will be fixed shortly.
We recommend that you upgrade your fireflier-server package.
Severity
Classification
-
CVE CVE-2007-2837 -
CVSS Base Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities