Home

CVE-2011-2520

Description

fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.099

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-firewall-1.2.27-3.el6_1.3.noarch.rpmLinux
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpmLinux
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpmLinux
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-printer-1.1.16-17.el6_1.2.i686.rpmLinux
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-printer-1.1.16-17.el6_1.2.x86_64.rpmLinux
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpmLinux
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpmLinux
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpmLinux
(RHSA-2011:0953) Moderate: system-config-firewall security update system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234