Lucene search

K

Veracode Vulnerability DatabaseVERACODE:24641

HistoryApr 10, 2020 - 12:59 a.m.

Privilege Escalation

2020-04-1000:59:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

EPSS

0

Percentile

5.1%

system-config-firewall is vulnerable to privilege escalation. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data (via D-Bus) to the privileged back-end mechanism. A local user authorized to configure firewall rules using system-config-firewall could use this flaw to execute arbitrary code with root privileges, by sending a specially-crafted serialized object.

References

lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html

secunia.com/advisories/45294

securitytracker.com/id?1025793

www.openwall.com/lists/oss-security/2011/07/18/6

www.redhat.com/support/errata/RHSA-2011-0953.html

www.securityfocus.com/bid/48715

access.redhat.com/errata/RHSA-2011:0953

access.redhat.com/security/cve/CVE-2011-2520

access.redhat.com/security/updates/classification/#moderate

bugzilla.redhat.com/show_bug.cgi?id=717985

exchange.xforce.ibmcloud.com/vulnerabilities/68734

EPSS

0

Percentile

5.1%

Related for VERACODE:24641

oraclelinux1 cvelist1 prion1 cve1 fedora1 nessus4 openvas5 redhat1 ubuntucve1 nvd1