Test ID:	1.3.6.1.4.1.25623.1.0.122133
Category:	Oracle Linux Local Security Checks
Title:	Oracle: Security Advisory (ELSA-2011-0953)
Summary:	The remote host is missing an update for the 'system-config-firewall, system-config-printer' package(s) announced via the ELSA-2011-0953 advisory.
Description:	Summary: The remote host is missing an update for the 'system-config-firewall, system-config-printer' package(s) announced via the ELSA-2011-0953 advisory. Vulnerability Insight: system-config-firewall: [1.2.27-3.3] - fixed possible privilege escalation flaw via use of python pickle (CVE-2011-2520), replaced pickle by json (rhbz#717985) - stop D-BUS firewall mechanism on update system-config-printer: [1.1.16-17:.2] - Build pycups with -fno-strict-aliasing compiler option to avoid compiler warnings. [1.1.16-17:.1] - Adapted to system-config-firewall API change (bug #717985, CVE-2011-2520). Affected Software/OS: 'system-config-firewall, system-config-printer' package(s) on Oracle Linux 6. Solution: Please install the updated package(s). CVSS Score: 6.0 CVSS Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2520 1025793 http://securitytracker.com/id?1025793 45294 http://secunia.com/advisories/45294 48715 http://www.securityfocus.com/bid/48715 FEDORA-2011-9652 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063314.html RHSA-2011:0953 http://www.redhat.com/support/errata/RHSA-2011-0953.html [oss-security] 20110718 CVE-2011-2520: flaw in system-config-firewall's usage of pickle allows privilege escalation http://www.openwall.com/lists/oss-security/2011/07/18/6 https://bugzilla.redhat.com/show_bug.cgi?id=717985 systemconfigfirewall-priv-escalation(68734) https://exchange.xforce.ibmcloud.com/vulnerabilities/68734
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.