SmoothWall Configuration Files World Read Vulnerability

SmoothWall Configuration Files World Read Vulnerability

SmoothWall is a freely available, open source Linux firewall solution. It is maintained and distributed by the SmoothWall Project.

SmoothWall uses a loose permission set in their firewall implementation. While this is not inherently dangerous as firewall systems are not designed as multi-user, an unauthorized user gaining access to the system via exploitation of an unprivileged process may be able to gain access to sensitive information on the system. The /var/smoothwall directory containing the configuration files has permissions set to 0700, with the owner and group membership set to nobody.