漏洞类别:RedHat
漏洞等级: 
漏洞信息
firewalld is a firewall service daemon that provides a dynamic customizable firewall with a D-Bus interface.
The following packages have been upgraded to a newer upstream version: firewalld (0.4.3.2). (BZ#1302802)
Security Fix(es):
* A flaw was found in the way firewalld allowed certain firewall configurations to be modified by unauthenticated users. Any locally logged in user could use this flaw to tamper or change firewall settings. (CVE-2016-5410)
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
漏洞危害
Any locally logged in user could use this flaw to tamper or change firewall settings.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2016:2597 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论