High severity7.8NVD Advisory· Published Jul 21, 2011· Updated Apr 29, 2026

CVE-2011-2520

Description

fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.

Affected products

Red Hat/System Config Firewall
cpe:2.3:a:redhat:system-config-firewall:*:*:*:*:*:*:*:*
Range: <=1.2.29
Fedoraproject/Fedora
cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

exchange.xforce.ibmcloud.com/vulnerabilities/68734nvdThird Party AdvisoryVDB Entry
lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.htmlnvdMailing List
secunia.com/advisories/45294nvdNot Applicable
securitytracker.com/idnvdBroken Link
www.openwall.com/lists/oss-security/2011/07/18/6nvdMailing List
www.redhat.com/support/errata/RHSA-2011-0953.htmlnvdNot Applicable
www.securityfocus.com/bid/48715nvdBroken Link
bugzilla.redhat.com/show_bug.cginvdIssue Tracking

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000