This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
system-config-firewall is a graphical user interface for basic
It was found that system-config-firewall used the Python pickle module
in an insecure way when sending data (via D-Bus) to the privileged
back-end mechanism. A local user authorized to configure firewall
rules using system-config-firewall could use this flaw to execute
arbitrary code with root privileges, by sending a specially-crafted
serialized object. (CVE-2011-2520)
Object Notation) for data exchange, instead of pickle. Therefore, an
updated version of system-config-printer that uses this new
communication data format is also provided in this erratum.
Users of system-config-firewall are advised to upgrade to these
updated packages, which contain a backported patch to resolve this
issue. Running instances of system-config-firewall must be restarted
before the utility will be able to communicate with its updated
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.0
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 61084 ()
CVE ID: CVE-2011-2520