CVE-2007-2837

Name of the Vulnerable Software and Affected Versions FireFlier version 1.1.6

Description The issue allows local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file. This is due to vulnerabilities in the getRule and getChains functions in server/rules.cpp in fireflierd (fireflier-server).

Recommendations For FireFlier version 1.1.6, consider restricting access to the getRule and getChains functions in server/rules.cpp until a patch is available. As a temporary workaround, avoid using the /tmp/fireflier.rules temporary file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.