[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request -- python-celery / Celery v2.4 --
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2011-11-28 15:18:41
Message-ID: 4ED3A651.4010609 () redhat ! com
[Download RAW message or body]

On 11/28/2011 02:09 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
>   a privilege escalation flaw was found in the way 'celeryd-multi',
> 'celeryd_detach', 'celerybeat' and 'celeryev' tools of the Celery,
> an asynchronous task queue based on distributed message passing,
> performed sanitization of --uid and --gid arguments, provided to
> the tools on the command line (only effective user id was changed,
> with the real one remaining unchanged). A local attacker could use
> this flaw to send messages via the message broker or use the Pickle
> serializer to load and execute arbitrary code with elevated privileges.
>
> References:
> [1] http://www.celeryproject.org/news/celery-24-released/
> [2] http://docs.celeryproject.org/en/latest/changelog.html#version-2-4-4
> [3] https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt
> [4] https://github.com/ask/celery/pull/544
>
> Relevant upstream patch:
> [5]
> https://github.com/gadomski/celery/commit/2afc0ea2ea22bce25013c9867f89e41a48b9251b
>
> Could you allocate a CVE id for this issue?
>
> Thank you && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team
Please use CVE-2011-4356 for this issue.

-- 

-Kurt Seifried / Red Hat Security Response Team

[prev in list] [next in list] [prev in thread] [next in thread]