ID

VAR-201107-0133


CVE

CVE-2011-2520


TITLE

Privilege acquisition vulnerability in fw_dbus.py of system-config-firewall used in Red Hat products

Trust: 0.8

sources: JVNDB: JVNDB-2011-002088

DESCRIPTION

fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. Red Hat system-config-firewall is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Successful exploits may aid in the compromise of affected computers.

----------------------------------------------------------------------

TITLE: Red Hat update for system-config-firewall
SECUNIA ADVISORY ID: SA45294
VERIFY ADVISORY: http://secunia.com/advisories/45294/
RELEASE DATE: 2011-07-24
DESCRIPTION: Red Hat has issued an update for system-config-firewall.
PROVIDED AND/OR DISCOVERED BY: Marco Slaviero, SensePost
ORIGINAL ADVISORY: RHSA-2011:0953-1: https://rhn.redhat.com/errata/RHSA-2011-0953.html

----------------------------------------------------------------------
=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: system-config-firewall security update
Advisory ID: RHSA-2011:0953-01
Product: Red Hat Enterprise Linux
Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-0953.html
Issue date: 2011-07-18
CVE Names: CVE-2011-2520
=====================================================================

1. Summary:

Updated system-config-firewall packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - noarch
Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch
Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64

3. Description:

system-config-firewall is a graphical user interface for basic firewall setup. It was found that system-config-firewall used the Python pickle module in an insecure way when sending data (via D-Bus) to the privileged back-end mechanism. (CVE-2011-2520)

Red Hat would like to thank Marco Slaviero of SensePost for reporting this issue.

This erratum updates system-config-firewall to use JSON (JavaScript Object Notation) for data exchange, instead of pickle. Therefore, an updated version of system-config-printer that uses this new communication data format is also provided in this erratum.

Users of system-config-firewall are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Running instances of system-config-firewall must be restarted before the utility will be able to communicate with its updated back-end.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

717985 - CVE-2011-2520 system-config-firewall: privilege escalation flaw via use of python pickle

6. Package List:

Red Hat Enterprise Linux Desktop (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Client/en/os/SRPMS/system-config-printer-1.1.16-17.el6_1.2.src.rpm

i386:
system-config-printer-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm

noarch:
system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm

x86_64:
system-config-printer-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux HPC Node (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm

noarch:
system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm

Red Hat Enterprise Linux HPC Node Optional (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6ComputeNode/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm

noarch:
system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm

Red Hat Enterprise Linux Server (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/os/SRPMS/system-config-printer-1.1.16-17.el6_1.2.src.rpm

i386:
system-config-printer-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm

noarch:
system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm

ppc64:
system-config-printer-1.1.16-17.el6_1.2.ppc64.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.ppc64.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.ppc64.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.ppc64.rpm

s390x:
system-config-printer-1.1.16-17.el6_1.2.s390x.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.s390x.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.s390x.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.s390x.rpm

x86_64:
system-config-printer-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 6):

Source:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/system-config-firewall-1.2.27-3.el6_1.3.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/os/SRPMS/system-config-printer-1.1.16-17.el6_1.2.src.rpm

i386:
system-config-printer-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.i686.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.i686.rpm

noarch:
system-config-firewall-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-base-1.2.27-3.el6_1.3.noarch.rpm
system-config-firewall-tui-1.2.27-3.el6_1.3.noarch.rpm

x86_64:
system-config-printer-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-debuginfo-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-libs-1.1.16-17.el6_1.2.x86_64.rpm
system-config-printer-udev-1.1.16-17.el6_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2011-2520.html
https://access.redhat.com/security/updates/classification/#moderate

Trust: 2.16

sources: NVD: CVE-2011-2520 // JVNDB: JVNDB-2011-002088 // BID: 48715 // VULHUB: VHN-50465 // PACKETSTORM: 103341 // PACKETSTORM: 103148

AFFECTED PRODUCTS

vendor: fedoraproject, model: fedora, scope: eq, version: 15

Trust: 1.0

vendor: redhat, model: system-config-firewall, scope: lte, version: 1.2.29

Trust: 1.0

vendor: Red Hat, model: red hat enterprise linux workstation, scope: eq, version: 6

Trust: 0.8

vendor: Red Hat, model: red hat enterprise linux server eus, scope: -, version: -

Trust: 0.8

vendor: Red Hat, model: red hat enterprise linux desktop, scope: -, version: -

Trust: 0.8

vendor: Red Hat, model: red hat enterprise linux hpc node, scope: -, version: -

Trust: 0.8

vendor: Red Hat, model: red hat enterprise linux server, scope: -, version: -

Trust: 0.8

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.22

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.17

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.11

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.15

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.14

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.16

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.21

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.25

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.23

Trust: 0.6

vendor: redhat, model: system-config-firewall, scope: eq, version: 1.2.12

Trust: 0.6

vendor: red, model: hat system-config-printer, scope: eq, version: 0

Trust: 0.3

vendor: red, model: hat system-config-firewall, scope: eq, version: 0

Trust: 0.3

vendor: red, model: hat enterprise linux workstation, scope: eq, version: 6

Trust: 0.3

vendor: red, model: hat enterprise linux server eus 6.1.z, scope: -, version: -

Trust: 0.3

vendor: red, model: hat enterprise linux server, scope: eq, version: 6

Trust: 0.3

vendor: red, model: hat enterprise linux hpc node, scope: eq, version: 6

Trust: 0.3

vendor: red, model: hat enterprise linux desktop, scope: eq, version: 6

Trust: 0.3

sources: BID: 48715 // JVNDB: JVNDB-2011-002088 // CNNVD: CNNVD-201107-232 // NVD: CVE-2011-2520

CVSS

SEVERITY

nvd@nist.gov: CVE-2011-2520
value: HIGH

Trust: 1.0

NVD: CVE-2011-2520
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201107-232
value: MEDIUM

Trust: 0.6

VULHUB: VHN-50465
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2011-2520
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-50465
severity: MEDIUM
baseScore: 6.0
vectorString: AV:L/AC:H/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 1.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2011-2520
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2011-2520
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-50465 // JVNDB: JVNDB-2011-002088 // CNNVD: CNNVD-201107-232 // NVD: CVE-2011-2520

PROBLEMTYPE DATA

problemtype:CWE-502

Trust: 1.0

problemtype:Deserialization of untrusted data (CWE-502) [NVD evaluation]

Trust: 0.8

problemtype:CWE-264

Trust: 0.1

sources: VULHUB: VHN-50465 // JVNDB: JVNDB-2011-002088 // NVD: CVE-2011-2520

THREAT TYPE

local

Trust: 1.1

sources: BID: 48715 // PACKETSTORM: 103341 // PACKETSTORM: 103148 // CNNVD: CNNVD-201107-232

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201107-232

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-50465

PATCH

title: RHSA-2011
url: https://rhn.redhat.com/errata/RHSA-2011-0953.html

Trust: 0.8

title: system-config-firewall Fixes for permissions and access control issues vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=234649

Trust: 0.6

sources: JVNDB: JVNDB-2011-002088 // CNNVD: CNNVD-201107-232

EXTERNAL IDS

db: NVD, id: CVE-2011-2520

Trust: 3.7

db: BID, id: 48715

Trust: 2.8

db: SECUNIA, id: 45294

Trust: 2.6

db: SECTRACK, id: 1025793

Trust: 2.5

db: OPENWALL, id: OSS-SECURITY/2011/07/18/6

Trust: 1.7

db: OSVDB, id: 73976

Trust: 0.8

db: JVNDB, id: JVNDB-2011-002088

Trust: 0.8

db: CNNVD, id: CNNVD-201107-232

Trust: 0.7

db: PACKETSTORM, id: 103148

Trust: 0.2

db: VULHUB, id: VHN-50465

Trust: 0.1

db: PACKETSTORM, id: 103341

Trust: 0.1

sources: VULHUB: VHN-50465 // BID: 48715 // JVNDB: JVNDB-2011-002088 // PACKETSTORM: 103341 // PACKETSTORM: 103148 // CNNVD: CNNVD-201107-232 // NVD: CVE-2011-2520

REFERENCES

url:http://secunia.com/advisories/45294

Trust: 2.5

url:http://www.securityfocus.com/bid/48715

Trust: 2.5

url:http://securitytracker.com/id?1025793

Trust: 1.7

url:http://lists.fedoraproject.org/pipermail/package-announce/2011-august/063314.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2011-0953.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2011/07/18/6

Trust: 1.7

url:https://bugzilla.redhat.com/show_bug.cgi?id=717985

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/68734

Trust: 1.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-2520

Trust: 0.8

url:http://www.securitytracker.com/id/1025793

Trust: 0.8

url:http://osvdb.org/73976

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2011-2520

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2011:0953

Trust: 0.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2011-2520

Trust: 0.3

url:http://permalink.gmane.org/gmane.comp.security.oss.general/5506

Trust: 0.3

url:http://www.python.org/

Trust: 0.3

url:https://rhn.redhat.com/errata/rhsa-2011-0953.html

Trust: 0.2

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45294

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/45294/

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/advisories/45294/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.1

url:https://access.redhat.com/kb/docs/doc-11259

Trust: 0.1

url:https://access.redhat.com/security/team/key/#package

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2520

Trust: 0.1

url:https://www.redhat.com/security/data/cve/cve-2011-2520.html

Trust: 0.1

url:http://bugzilla.redhat.com/

Trust: 0.1

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.1

url:https://access.redhat.com/security/team/contact/

Trust: 0.1

sources: VULHUB: VHN-50465 // BID: 48715 // JVNDB: JVNDB-2011-002088 // PACKETSTORM: 103341 // PACKETSTORM: 103148 // CNNVD: CNNVD-201107-232 // NVD: CVE-2011-2520

CREDITS

Marco Slaviero

Trust: 0.3

sources: BID: 48715

SOURCES

db: VULHUB, id: VHN-50465
db: BID, id: 48715
db: JVNDB, id: JVNDB-2011-002088
db: PACKETSTORM, id: 103341
db: PACKETSTORM, id: 103148
db: CNNVD, id: CNNVD-201107-232
db: NVD, id: CVE-2011-2520

LAST UPDATE DATE

2024-11-23T21:46:51.925000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-50465, date: 2023-02-13T00:00:00
db: BID, id: 48715, date: 2015-04-13T21:23:00
db: JVNDB, id: JVNDB-2011-002088, date: 2024-02-21T06:15:00
db: CNNVD, id: CNNVD-201107-232, date: 2023-04-24T00:00:00
db: NVD, id: CVE-2011-2520, date: 2024-11-21T01:28:27.153

SOURCES RELEASE DATE

db: VULHUB, id: VHN-50465, date: 2011-07-21T00:00:00
db: BID, id: 48715, date: 2011-07-19T00:00:00
db: JVNDB, id: JVNDB-2011-002088, date: 2011-08-12T00:00:00
db: PACKETSTORM, id: 103341, date: 2011-07-24T06:05:29
db: PACKETSTORM, id: 103148, date: 2011-07-19T02:44:29
db: CNNVD, id: CNNVD-201107-232, date: 2011-07-20T00:00:00
db: NVD, id: CVE-2011-2520, date: 2011-07-21T23:55:03.410