Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation
From: Vincent Danen <vdanen () redhat com>
Date: Mon, 18 Jul 2011 11:36:39 -0600

Hi folks.  I'm not sure if anyone else uses system-config-firewall and
system-config-printer, but we had a report of a privilege escalation
flaw that could allow a user with access to run these commands to
elevate their privileges due to insecure use of the python pickle
module.

The solution is to use JSON rather than pickle.  The details and a patch
for CVE-2011-2520 are available in our bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2520

Thanks.

--
Vincent Danen / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
  • CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation Vincent Danen (Jul 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]