CVE-2016-5410 – firewalld: Firewall configuration can be modified by any logged in user

https://notcve.org/view.php?id=CVE-2016-5410

firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. firewalld.py en firewalld en versiones anteriores a 0.4.3.3 permite a usuarios locales eludir la autenticación y modificar las configuraciones del firewall a través de (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry o (5) setEntries D-Bus API method. A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper or change firewall settings. • http://rhn.redhat.com/errata/RHSA-2016-2597.html http://www.firewalld.org/2016/08/firewalld-0-4-3-3-release http://www.openwall.com/lists/oss-security/2016/08/16/3 http://www.securityfocus.com/bid/92481 https://bugzilla.redhat.com/show_bug.cgi?id=1360135 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPM3GUQRU2KPRXDEQLAMCDQEAIARJSBT https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBJMYLGRVKIPJEI3VZJ4WQZT7FBQ5BKO • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •