fwsnort loaded configuration file from cwd when run as a non-root user

2014.02.03

Credit: Murray McAllister

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2014-0039

CWE: CWE-Other

CVSS Base Score: 4.4/10

Impact Subscore: 6.4/10

Exploitability Subscore: 3.4/10

Exploit range: Local

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

Good morning,
When fwsnort was run as a non-root user, it opened the fwsnort.conf file
from the current working directory if a configuration file was not
explicitly specified. The configuration file can specify a directory to
load libraries from, so this would have been an issue if running fwsnort
in an attacker-controlled directory.
Michael Rash has released fwsnort-1.6.4 to fix this issue:
http://www.cipherdyne.org/fwsnort/download/
https://github.com/mrash/fwsnort/blob/master/ChangeLog
The patch (with further issue details) for CVE-2014-0039 is:
https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
For the affected versions, I had only tested 1.6.3 (on Fedora and EPEL).
Cheers,
--
Murray McAllister / Red Hat Security Response Team

References:

https://github.com/mrash/fwsnort/blob/master/ChangeLog

https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

fwsnort loaded configuration file from cwd when run as a non-root user

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.