Rapid7 Vulnerability & Exploit Database

RHSA-2011:0953: system-config-firewall security update

Back to Search

RHSA-2011:0953: system-config-firewall security update

Severity
6
CVSS
(AV:L/AC:H/Au:S/C:C/I:C/A:C)
Published
07/21/2011
Created
07/25/2018
Added
07/29/2011
Modified
07/04/2017

Description

system-config-firewall is a graphical user interface for basic firewallsetup.It was found that system-config-firewall used the Python pickle module inan insecure way when sending data (via D-Bus) to the privileged back-endmechanism. A local user authorized to configure firewall rules usingsystem-config-firewall could use this flaw to execute arbitrary code withroot privileges, by sending a specially-crafted serialized object.(CVE-2011-2520)Red Hat would like to thank Marco Slaviero of SensePost for reporting thisissue.This erratum updates system-config-firewall to use JSON (JavaScript ObjectNotation) for data exchange, instead of pickle. Therefore, an updatedversion of system-config-printer that uses this new communication dataformat is also provided in this erratum.Users of system-config-firewall are advised to upgrade to these updatedpackages, which contain a backported patch to resolve this issue. Runninginstances of system-config-firewall must be restarted before the utilitywill be able to communicate with its updated back-end.

Solution(s)

  • redhat-upgrade-system-config-firewall
  • redhat-upgrade-system-config-firewall-base
  • redhat-upgrade-system-config-firewall-tui
  • redhat-upgrade-system-config-printer
  • redhat-upgrade-system-config-printer-debuginfo
  • redhat-upgrade-system-config-printer-libs
  • redhat-upgrade-system-config-printer-udev

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;