Foomuuri D-Bus Authorization Flaws Allow Unprivileged Firewall Manipulation

Foomuuri, a firewall management tool, contains two privilege escalation vulnerabilities in its D-Bus service that could allow unprivileged local attackers to compromise firewall security. Researcher Matthias Gerstner identified authorization enforcement gaps and input validation weaknesses that enable unauthorized firewall configuration changes.

These vulnerabilities highlight the importance of strict access controls on system-level services exposed through D-Bus. The flaws underscore how improper authorization checks and insufficient input validation can transform a local access requirement into a meaningful privilege escalation vector.

Ubuntu has released security update USN-8326-1 to address both issues. Organizations running Foomuuri should apply patches promptly to prevent local attackers from manipulating critical firewall policies.

Authorization Bypass in D-Bus Service

• CVE-2025-67603: D-Bus service fails to enforce proper authorization controls
• Unprivileged local users can bypass intended access restrictions
• Attackers gain ability to modify firewall configuration contrary to security policy
• Represents a privilege escalation from local user to firewall administrator capabilities

Interface Name Validation Weakness

• CVE-2025-67858: Insufficient validation of interface names in D-Bus requests
• Local attackers exploit validation gaps to manipulate firewall rules in unintended ways
• Improper input handling allows circumvention of intended firewall logic
• Combined with authorization bypass, enables comprehensive firewall policy compromise

Mitigation and Best Practices

• Apply Ubuntu security update USN-8326-1 immediately on affected systems
• Restrict local system access to trusted users only
• Monitor D-Bus service logs for unauthorized firewall configuration attempts
• Review firewall policies after patching to detect any unauthorized changes

Sources

• USN-8326-1: Foomuuri vulnerabilities