PT-2011-1130 · Red Hat · System-Config-Printer-Udev+6
Published
2011-07-18
·
Updated
2024-01-21
·
CVE-2011-2520
CVSS v2.0
6.0
Medium
Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
system-config-firewall versions 1.2.29 and earlier
system-config-firewall-base version 1.2.27
system-config-firewall-tui version 1.2.27
system-config-printer version 1.1.16
system-config-printer-libs version 1.1.16
system-config-printer-debuginfo version 1.1.16
system-config-printer-udev version 1.1.16
Description
The issue affects the confidentiality, integrity, and availability of protected information in Red Hat Enterprise Linux. It can be exploited locally by an attacker who has passed the authentication procedure. fw_dbus.py in system-config-firewall uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend: pickle reconstructs whatever callables and arguments the byte stream names, so a crafted serialized object sent by an unprivileged local user and unpickled by the privileged backend can run attacker-chosen code with the backend's privileges, which might allow local users to gain privileges.
Recommendations
For system-config-firewall versions 1.2.29 and earlier, consider disabling the fw_dbus.py script until a patched package is installed.
For system-config-firewall-base version 1.2.27, restrict which local users can reach the vulnerable module over D-Bus to minimize the risk of exploitation.
For system-config-firewall-tui version 1.2.27, avoid using the vulnerable component until the issue is resolved.
For system-config-printer version 1.1.16, system-config-printer-libs version 1.1.16, system-config-printer-debuginfo version 1.1.16, and system-config-printer-udev version 1.1.16, restrict access to the vulnerable modules to minimize the risk of exploitation.
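As an added illustration (not code from this advisory or from system-config-firewall itself), the following shows the unpickle-what-the-bus-delivered pattern the description refers to, the crafted object an unprivileged sender can construct against it, and two ways to harden the receiving side. D-Bus is replaced by passing bytes directly; the request fields and command names are assumptions made for the demo, not the real fw_dbus.py interface; and the payload only sets an environment variable in the process in place of the command a real attacker would run.

```python
import io
import json
import os
import pickle

# Environment variable the constructed payload sets; a benign stand-in for the
# command an attacker would actually have the privileged backend run.
MARKER = "SCF_PICKLE_DEMO"

# Constructed request in the shape a GUI might hand the backend. These field and
# command names are assumptions for the demo, not the real fw_dbus.py interface.
LEGIT_REQUEST = {"command": "addService", "args": ["ssh"]}
ALLOWED_COMMANDS = {"addService", "removeService"}


def build_malicious_pickle():
    """Serialize an object whose __reduce__ names a callable and its arguments.
    The pickle stream then records 'call builtins.exec with this string', and
    whoever unpickles it performs the call. Here the string only sets an env var."""
    class Payload:
        def __reduce__(self):
            return (exec, (f"import os; os.environ[{MARKER!r}] = 'executed'",))
    return pickle.dumps(Payload())


def vulnerable_backend(raw):
    """The flawed pattern: unpickle whatever arrived over the bus."""
    return pickle.loads(raw)


class RestrictedUnpickler(pickle.Unpickler):
    """Mitigation if pickle must stay: refuse every global lookup, so only plain
    data (dicts, lists, strings, numbers) can be reconstructed from the stream."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def restricted_loads(raw):
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def json_backend(raw):
    """Preferred fix: a data-only format plus explicit validation of the request."""
    req = json.loads(raw.decode("utf-8"))
    if not isinstance(req, dict) or set(req) != {"command", "args"}:
        raise ValueError("unexpected request shape")
    if req["command"] not in ALLOWED_COMMANDS:
        raise ValueError("unknown command")
    if not isinstance(req["args"], list) or not all(isinstance(a, str) for a in req["args"]):
        raise ValueError("arguments must be a list of strings")
    return req


def payload_ran():
    return os.environ.get(MARKER) == "executed"


def run_demo():
    """Feed a legitimate and a crafted message to each backend variant."""
    os.environ.pop(MARKER, None)
    legit_pickle = pickle.dumps(LEGIT_REQUEST)
    legit_json = json.dumps(LEGIT_REQUEST).encode("utf-8")
    evil = build_malicious_pickle()
    results = {}

    # 1. pickle.loads: the legitimate request works, and so does the payload.
    results["vuln_legit"] = vulnerable_backend(legit_pickle) == LEGIT_REQUEST
    vulnerable_backend(evil)
    results["vuln_payload_ran"] = payload_ran()
    os.environ.pop(MARKER, None)

    # 2. Restricted unpickler: the data-only pickle loads; the payload is rejected
    #    at the global lookup, before exec is ever resolved.
    results["restricted_legit"] = restricted_loads(legit_pickle) == LEGIT_REQUEST
    try:
        restricted_loads(evil)
        results["restricted_blocked"] = False
    except pickle.UnpicklingError:
        results["restricted_blocked"] = not payload_ran()

    # 3. JSON: there is no way to name a callable at all, and the pickle bytes are
    #    simply not valid input (UnicodeDecodeError and JSONDecodeError are both
    #    subclasses of ValueError).
    results["json_legit"] = json_backend(legit_json) == LEGIT_REQUEST
    try:
        json_backend(evil)
        results["json_blocked"] = False
    except ValueError:
        results["json_blocked"] = not payload_ran()
    return results


if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check:20s} {'ok' if ok else 'FAILED'}")
```

The restricted unpickler is a stop-gap: it closes the callable-lookup path but still hands an attacker a full stack machine to drive with crafted opcodes, so it needs careful review of whatever types remain reachable. Replacing pickle with a data-only format and validating the decoded request against the handful of operations the backend is supposed to perform removes the deserialization problem entirely; restricting who may call the backend over D-Bus (the "restrict access" recommendation above) then limits who can even reach the validator.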
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
CWE-502: Deserialization of Untrusted Data
Related Identifiers
Affected Products
Red Hat
System-Config-Firewall
System-Config-Firewall-Base
System-Config-Printer
System-Config-Printer-Debuginfo
System-Config-Printer-Libs
System-Config-Printer-Udev