PT-2012-4720 · Openstack · Openstack Compute

Pádraig Brady +2 · Published 2012-08-20 · Updated 2023-02-13 · CVE-2012-3447

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1
OpenStack Compute (Nova) versions Folsom through Folsom-2

Description

The issue allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. This problem exists due to an incomplete fix.

Recommendations

For OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1, update to version 2012.1.2 or later.
For OpenStack Compute (Nova) versions Folsom through Folsom-2, update to Folsom-3 or later.
As a temporary workaround, consider restricting access to the virt/disk/api.py module to minimize the risk of exploitation.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related identifiers

CVE-2012-3447
GHSA-XC4G-7VW8-924H
PYSEC-2012-21

Affected products

Openstack Compute