oss-sec mailing list archives
CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 28 Nov 2011 10:09:01 +0100
Hello Kurt, Steve, vendors, a privilege escalation flaw was found in the way 'celeryd-multi', 'celeryd_detach', 'celerybeat' and 'celeryev' tools of the Celery, an asynchronous task queue based on distributed message passing, performed sanitization of --uid and --gid arguments, provided to the tools on the command line (only effective user id was changed, with the real one remaining unchanged). A local attacker could use this flaw to send messages via the message broker or use the Pickle serializer to load and execute arbitrary code with elevated privileges. References: [1] http://www.celeryproject.org/news/celery-24-released/ [2] http://docs.celeryproject.org/en/latest/changelog.html#version-2-4-4 [3] https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt [4] https://github.com/ask/celery/pull/544 Relevant upstream patch:[5] https://github.com/gadomski/celery/commit/2afc0ea2ea22bce25013c9867f89e41a48b9251b
Could you allocate a CVE id for this issue? Thank you && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- python-celery / Celery v2.4 -- Privilege escalation due improper sanitization of --uid and --gid arguments in certain tools (CELERYSA-0001 Jan Lieskovsky (Nov 28)