Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2011:0953
HistoryJul 18, 2011 - 12:00 a.m.

(RHSA-2011:0953) Moderate: system-config-firewall security update

2011-07-1800:00:00
access.redhat.com
14

EPSS

0

Percentile

5.1%

JSON

system-config-firewall is a graphical user interface for basic firewall
setup.

It was found that system-config-firewall used the Python pickle module in
an insecure way when sending data (via D-Bus) to the privileged back-end
mechanism. A local user authorized to configure firewall rules using
system-config-firewall could use this flaw to execute arbitrary code with
root privileges, by sending a specially-crafted serialized object.
(CVE-2011-2520)

Red Hat would like to thank Marco Slaviero of SensePost for reporting this
issue.

This erratum updates system-config-firewall to use JSON (JavaScript Object
Notation) for data exchange, instead of pickle. Therefore, an updated
version of system-config-printer that uses this new communication data
format is also provided in this erratum.

Users of system-config-firewall are advised to upgrade to these updated
packages, which contain a backported patch to resolve this issue. Running
instances of system-config-firewall must be restarted before the utility
will be able to communicate with its updated back-end.

OSVersionArchitecturePackageVersionFilename
RedHat6i686system-config-printer-libs< 1.1.16-17.el6_1.2system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm
RedHat6noarchsystem-config-firewall-base< 1.2.27-3.el6_1.3system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
RedHat6s390xsystem-config-printer-debuginfo< 1.1.16-17.el6_1.2system-config-printer-debuginfo-1.1.16-17.el6_1.2.s390x.rpm
RedHat6i686system-config-printer-udev< 1.1.16-17.el6_1.2system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm
RedHat6s390xsystem-config-printer-udev< 1.1.16-17.el6_1.2system-config-printer-udev-1.1.16-17.el6_1.2.s390x.rpm
RedHat6ppc64system-config-printer< 1.1.16-17.el6_1.2system-config-printer-1.1.16-17.el6_1.2.ppc64.rpm
RedHat6ppc64system-config-printer-udev< 1.1.16-17.el6_1.2system-config-printer-udev-1.1.16-17.el6_1.2.ppc64.rpm
RedHat6x86_64system-config-printer-debuginfo< 1.1.16-17.el6_1.2system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm
RedHat6x86_64system-config-printer-udev< 1.1.16-17.el6_1.2system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm
RedHat6s390xsystem-config-printer< 1.1.16-17.el6_1.2system-config-printer-1.1.16-17.el6_1.2.s390x.rpm
Rows per page:
1-10 of 211

Related

oraclelinux 1
cvelist 1
prion 1
cve 1
fedora 1
nessus 4
openvas 5
veracode 1
ubuntucve 1
nvd 1
oraclelinux
oraclelinux
system-config-firewall security update
2011-07-18 00:00:00
cvelist
cvelist
CVE-2011-2520
2011-07-21 23:00:00
prion
prion
Code injection
2011-07-21 23:55:00
cve
cve
CVE-2011-2520
2011-07-21 23:55:03
fedora
fedora
[SECURITY] Fedora 15 Update: system-config-firewall-1.2.29-4.fc15
2011-08-02 02:09:53
nessus
nessus
Fedora 15 : system-config-firewall-1.2.29-4.fc15 (2011-9652)
2011-08-02 00:00:00
Oracle Linux 6 : system-config-firewall (ELSA-2011-0953)
2013-07-12 00:00:00
RHEL 6 : system-config-firewall (RHSA-2011:0953)
2011-07-19 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2011-0953)
2015-10-06 00:00:00
RedHat Update for system-config-firewall RHSA-2011:0953-01
2012-06-06 00:00:00
Fedora Update for system-config-firewall FEDORA-2011-9652
2011-08-12 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:59:48
ubuntucve
ubuntucve
CVE-2011-2520
2011-07-21 00:00:00
nvd
nvd
CVE-2011-2520
2011-07-21 23:55:03

EPSS

0

Percentile

5.1%

JSON
Related for RHSA-2011:0953
oraclelinux1cvelist1prion1cve1fedora1nessus4openvas5veracode1ubuntucve1nvd1