PT-2012-5379 · Memcached+2 · Memcached+2

Krahmer

+1

·

Publicado

2012-10-22

·

Atualizado

2024-01-25

·

CVE-2012-4406

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions OpenStack Object Storage (swift) versions prior to 1.7.0
Description The issue allows remote attackers to execute arbitrary code via a crafted pickle object. This is due to the unsafe use of the loads function in the pickle Python module when storing and loading metadata in memcached.
Recommendations For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the memcached metadata storage to minimize the risk of exploitation.

Correção

RCE

Deserialization of Untrusted Data

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502CWE-94

Identificadores relacionados

CVE-2012-4406
GHSA-V7MH-3JGF-R26C
RHSA-2012:1379
RHSA-2013:0691

Produtos afetados

Openstack Object Storage
Memcached
Pickle