Vulnerability CVE-2011-2520

Vulnerability Name:

CVE-2011-2520 (CCN-68734)

Assigned:

2011-07-18

Published:

2011-07-18

Updated:

2023-02-13

Summary:

fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.

CVSS v3 Severity:

8.2 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): Required
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
4.5 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.0 Medium (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
4.5 Medium (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-502

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2011-2520

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: RHSA-2011-0953
Moderate: system-config-firewall security update

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: CCN
Type: OSVDB ID: 73976
system-config-firewall fw_dbus.py pickle Python Module Serialized Object Local Privilege Escalation

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: BID-48715
Red Hat system-config-firewall Local Privilege Escalation Vulnerability

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 717985
CVE-2011-2520 system-config-firewall: privilege escalation flaw via use of python pickle

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: XF
Type: UNKNOWN
systemconfigfirewall-priv-escalation(68734)

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:redhat:system-config-firewall:1.2.11:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_server_eus:6.1.z:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:23291	P	ELSA-2011:0953: system-config-firewall security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21421	P	RHSA-2011:0953: system-config-firewall security update (Moderate)	2014-02-24
oval:com.redhat.rhsa:def:20110953	P	RHSA-2011:0953: system-config-firewall security update (Moderate)	2011-07-18

BACK