| Name | CVE-2016-5410 |
| Description | firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify firewall configurations via the (1) addPassthrough, (2) removePassthrough, (3) addEntry, (4) removeEntry, or (5) setEntries D-Bus API method. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 834529 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| firewalld (PTS) | bullseye | 0.9.3-2 | fixed |
| bookworm | 1.3.3-1~deb12u1 | fixed | |
| sid, trixie | 2.3.0-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| firewalld | source | (unstable) | 0.4.3.3-1 | 834529 |
[jessie] - firewalld <ignored> (Minor issue)
Introduced by: https://github.com/t-woerner/firewalld/commit/6b9867cd5c5e2c83adeec42666521a420e59ef11