CVE-2011-4356

Published: 05/12/2011 Updated: 03/01/2012

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Celery 2.1 and 2.2 prior to 2.2.8, 2.3 prior to 2.3.4, and 2.4 prior to 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process.

Vulnerable Product	Search on Vulmon	Subscribe to Product
celeryproject celery 2.2.0
celeryproject celery 2.3.2
celeryproject celery 2.3.0
celeryproject celery 2.2.7
celeryproject celery 2.2.2
celeryproject celery 2.2.4
celeryproject celery 2.4.2
celeryproject celery 2.1.0
celeryproject celery 2.2.1
celeryproject celery 2.2.5
celeryproject celery 2.2.6
celeryproject celery 2.4.0
celeryproject celery 2.4.3
celeryproject celery 2.4.1
celeryproject celery 2.3.3
celeryproject celery 2.2.3
celeryproject celery 2.3.1

CWE-264 https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt https://github.com/ask/celery/pull/544 http://secunia.com/advisories/46973 http://www.securityfocus.com/bid/50825 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-4356

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect