Bug 757651 (CVE-2011-4356) - CVE-2011-4356 python-celery: Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001)
Summary: CVE-2011-4356 python-celery: Privilege escalation due improper sanitization o...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-4356
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-28 09:04 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:48 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-10-20 15:34:33 UTC


Attachments (Terms of Use)

Description Jan Lieskovsky 2011-11-28 09:04:25 UTC
A privilege escalation flaw was found in the way 'celeryd-multi', 'celeryd_detach', 'celerybeat' and 'celeryev' tools of the Celery, an asynchronous task queue based on distributed message passing, performed sanitization of --uid and --gid arguments, provided to the tools on the command line (only effective user id was changed, with the real one remaining unchanged). A local attacker could use this flaw to send messages via the message broker or use the Pickle serializer to load and execute arbitrary code with elevated privileges.

References:
[1] http://www.celeryproject.org/news/celery-24-released/
[2] http://docs.celeryproject.org/en/latest/changelog.html#version-2-4-4
[3] https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt
[4] https://github.com/ask/celery/pull/544

Relevant upstream patch:
[5] https://github.com/gadomski/celery/commit/2afc0ea2ea22bce25013c9867f89e41a48b9251b

Comment 1 Jan Lieskovsky 2011-11-28 09:06:09 UTC
This issue affects the version of the python-celery package, as shipped with Fedora EPEL 6.

--

This issue affects the versions of the python-celery package, as shipped with Fedora release of 14, 15, and 16.

Comment 2 Andrew Colin Kissa 2011-11-28 09:09:48 UTC
Updates already submitted prior to this advisory.

Comment 3 Jan Lieskovsky 2011-11-28 09:10:22 UTC
CVE request:
[6] http://www.openwall.com/lists/oss-security/2011/11/28/1

Comment 4 Jan Lieskovsky 2011-11-28 09:12:09 UTC
(In reply to comment #2)

Hi Andrew,

  right aware of that (will add the scheduled updates NVR to subsequent comment). We just needed to dedicate a Red Hat Bugzilla bug for this and request CVE identifier.

> Updates already submitted prior to this advisory.

Thank you for scheduling those!

Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Comment 5 Jan Lieskovsky 2011-11-28 09:14:40 UTC
This issue is scheduled to be corrected in the following python-celery package updates:
1) python-celery-2.2.8-1.el6 for Fedora EPEL 6,
2) python-celery-2.2.8-1.fc14 for Fedora release of 14, 
3) python-celery-2.2.8-1.fc15 for Fedora release of 15,
4) python-celery-2.2.8-1.fc16 for Fedora release of 16.

Comment 6 Jan Lieskovsky 2011-11-28 09:16:15 UTC
(In reply to comment #2)
> Updates already submitted prior to this advisory.

Andrew,

  and yet one request -- would it be possible to schedule new python-celery package update for Fedora release of 14 too? (it's still supported [till one month after Fedora release of 16 has been released]

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Comment 7 Andrew Colin Kissa 2011-11-28 09:18:28 UTC
Okay will do F14 just now.

Comment 8 Jan Lieskovsky 2011-11-28 09:31:37 UTC
(In reply to comment #7)
> Okay will do F14 just now.

Brilliant, thank you.

Comment 9 Vincent Danen 2011-11-28 18:36:55 UTC
This was assigned the name CVE-2011-4356:

http://www.openwall.com/lists/oss-security/2011/11/28/5

Comment 10 Fedora Update System 2011-12-10 19:34:45 UTC
python-celery-2.2.8-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2011-12-10 20:09:29 UTC
python-celery-2.2.8-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2011-12-13 19:58:06 UTC
python-celery-2.2.8-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.