| Summary: | CVE-2011-2520 system-config-firewall: privilege escalation flaw via use of python pickle [fedora-all] | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Vincent Danen <vdanen> |
| Component: | system-config-printer | Assignee: | Tim Waugh <twaugh> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 15 | CC: | anthony.mounsey, bengt.sjogren, bob, christos.lazaridis+redhat.bugzilla, cortocircuit, hugosleao, jpopelka, spam42, Triv, twaugh, zackxon, zbechir |
| Target Milestone: | --- | Keywords: | Security, SecurityTracking |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | system-config-printer-1.3.5-1.fc15 | Doc Type: | Release Note |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-08-07 20:27:24 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | |||
| Bug Blocks: | 717985 | ||
|
Description
Vincent Danen
2011-07-18 17:33:23 UTC
system-config-firewall update was already pushed to F15 stable (FEDORA-2011-9652) and is in F14 testing (FEDORA-2011-9663). *** Bug 727860 has been marked as a duplicate of this bug. *** Package: system-config-printer-1.3.3-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- Opened printing applet and selected add input requested password and the application crashed Package: system-config-printer-1.3.3-1.fc15
Architecture: x86_64
OS Release: Fedora release 15 (Lovelock)
Comment
-----
This problem ocurrs when a I run system-config-printer, then I am going to add a new network printer, in this moment is when produce de problem
and show you by console this message:
system-config-printer
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/dbus/connection.py", line 586, in msg_reply_handler
reply_handler(*message.get_args_list(**get_args_opts))
File "/usr/share/system-config-printer/firewall.py", line 77, in reply_handler
self._fw_data = pickle.loads (result.encode ('utf-8'))
File "/usr/lib64/python2.7/pickle.py", line 1382, in loads
return Unpickler(file).load()
File "/usr/lib64/python2.7/pickle.py", line 858, in load
dispatch[key](self)
KeyError: '['
Package: system-config-printer-1.3.3-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- Adding a printer Package: system-config-printer-1.3.3-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- sem motivo aparente. Package: system-config-printer-1.3.3-1.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- I don't know Package: system-config-printer-1.3.3-1.fc15 Architecture: i686 OS Release: Fedora release 15 (Lovelock) Comment ----- Tried to install a network printer Package: system-config-printer-1.3.3-1.fc15 Architecture: i686 OS Release: Fedora release 15 (Lovelock) Comment ----- system-config-printer Package: system-config-printer-1.3.3-1.fc15 Architecture: i686 OS Release: Fedora release 15 (Lovelock) Comment ----- just trying to get my canon pixma mp620b printer to work. I plugged it in and for some reason I just get this alert. Package: system-config-printer-1.3.3-1.fc15 Architecture: i686 OS Release: Fedora release 15 (Lovelock) Comment ----- As I stared to configure a new printer Package: system-config-printer-1.3.3-1.fc15 Architecture: i686 OS Release: Fedora release 15 (Lovelock) Comment ----- As I stared to configure a new printer Package: system-config-printer-1.3.2-2.fc15 Architecture: i686 OS Release: Fedora release 15 (Lovelock) Comment ----- when adding the printer Package: system-config-printer-1.3.2-2.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- Selected "Printing" from Applications. Selected "Add Printer" Entered my password *crash* Package: system-config-printer-1.3.2-2.fc15 Architecture: x86_64 OS Release: Fedora release 15 (Lovelock) Comment ----- Removed the printer entry that made the printer receive data and print nothing. This message is a notice that Fedora 15 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 15. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At this time, all open bugs with a Fedora 'version' of '15' have been closed as WONTFIX. (Please note: Our normal process is to give advanced warning of this occurring, but we forgot to do that. A thousand apologies.) Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, feel free to reopen this bug and simply change the 'version' to a later Fedora version. Bug Reporter: Thank you for reporting this issue and we are sorry that we were unable to fix it before Fedora 15 reached end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to click on "Clone This Bug" (top right of this page) and open it against that version of Fedora. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping |