mailing list archives
CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 28 Nov 2011 10:09:01 +0100
Hello Kurt, Steve, vendors,
a privilege escalation flaw was found in the way 'celeryd-multi',
'celeryd_detach', 'celerybeat' and 'celeryev' tools of the Celery,
an asynchronous task queue based on distributed message passing,
performed sanitization of --uid and --gid arguments, provided to
the tools on the command line (only effective user id was changed,
with the real one remaining unchanged). A local attacker could use
this flaw to send messages via the message broker or use the Pickle
serializer to load and execute arbitrary code with elevated privileges.
Relevant upstream patch:
Could you allocate a CVE id for this issue?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
- CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Jan Lieskovsky (Nov 28)