(RHSA-2011:0953) Moderate: system-config-firewall security update

2011-07-18T04:00:00
ID RHSA-2011:0953
Type redhat
Reporter RedHat
Modified 2018-06-06T20:24:12

Description

system-config-firewall is a graphical user interface for basic firewall setup.

It was found that system-config-firewall used the Python pickle module in an insecure way when sending data (via D-Bus) to the privileged back-end mechanism. A local user authorized to configure firewall rules using system-config-firewall could use this flaw to execute arbitrary code with root privileges, by sending a specially-crafted serialized object. (CVE-2011-2520)

Red Hat would like to thank Marco Slaviero of SensePost for reporting this issue.

This erratum updates system-config-firewall to use JSON (JavaScript Object Notation) for data exchange, instead of pickle. Therefore, an updated version of system-config-printer that uses this new communication data format is also provided in this erratum.

Users of system-config-firewall are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Running instances of system-config-firewall must be restarted before the utility will be able to communicate with its updated back-end.