CVE-2011-2520
CVSS 7.8 · HIGH
Summary
fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
- Redhat system-config-firewall
- Fedoraproject fedora
References
- http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html
- http://secunia.com/advisories/45294
- http://securitytracker.com/id?1025793
- http://www.openwall.com/lists/oss-security/2011/07/18/6
- http://www.redhat.com/support/errata/RHSA-2011-0953.html
- http://www.securityfocus.com/bid/48715
- https://bugzilla.redhat.com/show_bug.cgi?id=717985
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68734
Data: NIST NVD. NVD last modified 2026-04-29. Always verify against the vendor advisory before acting.