[Firehol-support] FireHOL security bug - v1.224 released to fix it

Costa Tsaousis costa at tsaousis.gr
Mon Jan 24 22:53:20 GMT 2005


Hi all,

A hours ago, it has been reported that FireHOL has a security bug that
allows malicious local users to use the temporary files created by FireHOL
to overwrite arbitrary files on the system running FireHOL.

I have already fixed the bugs that allowed these to happen and released
v1.224, which can be downloaded the usual way and also via
http://firehol.sf.net/firehol.tar.gz (this URL is the nightly CVS build,
which is currently the same as the released one).

All system administrators that allow non-trusted users to have a terminal
session to their systems are advised to update immediatelly to this
version.

Regards,

Costa






More information about the Firehol-support mailing list