fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html | Mailing List |
http://secunia.com/advisories/45294 | Not Applicable |
http://securitytracker.com/id?1025793 | Broken Link |
http://www.openwall.com/lists/oss-security/2011/07/18/6 | Mailing List |
http://www.redhat.com/support/errata/RHSA-2011-0953.html | Not Applicable |
http://www.securityfocus.com/bid/48715 | Broken Link |
https://bugzilla.redhat.com/show_bug.cgi?id=717985 | Issue Tracking |
https://exchange.xforce.ibmcloud.com/vulnerabilities/68734 | Third Party Advisory VDB Entry |
Configurations
History
21 Jan 2024, 02:53
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 7.8 |
First Time |
Fedoraproject
Fedoraproject fedora |
|
CPE | cpe:2.3:a:redhat:system-config-firewall:1.2.17:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.16:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.28:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.25:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.14:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.21:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.27:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.15:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.26:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.24:*:*:*:*:*:*:* cpe:2.3:a:redhat:system-config-firewall:1.2.22:*:*:*:*:*:*:* |
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:* |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html - Mailing List | |
References | () http://secunia.com/advisories/45294 - Not Applicable | |
References | () http://securitytracker.com/id?1025793 - Broken Link | |
References | () http://www.openwall.com/lists/oss-security/2011/07/18/6 - Mailing List | |
References | () http://www.redhat.com/support/errata/RHSA-2011-0953.html - Not Applicable | |
References | () http://www.securityfocus.com/bid/48715 - Broken Link | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=717985 - Issue Tracking | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/68734 - Third Party Advisory, VDB Entry |
13 Feb 2023, 04:31
Type | Values Removed | Values Added |
---|---|---|
Summary | fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. | |
References |
|
02 Feb 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2011-2520 system-config-firewall: privilege escalation flaw via use of python pickle |
Information
Published : 2011-07-21 23:55
Updated : 2024-01-21 02:53
NVD link : CVE-2011-2520
Mitre link : CVE-2011-2520
CVE.ORG link : CVE-2011-2520
JSON object : View
Products Affected
fedoraproject
- fedora
redhat
- system-config-firewall
CWE
CWE-502
Deserialization of Untrusted Data