PT-2012-4720 · Openstack · Openstack Compute

Pádraig Brady +2 · Published 2012-08-20 · Updated 2023-02-13 · CVE-2012-3447

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1
OpenStack Compute (Nova) versions Folsom through Folsom-2

Description
The vulnerability allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image, using a symlink that is readable only by root. The problem exists because an earlier fix was incomplete.

Recommendations
For OpenStack Compute (Nova) versions 2012.1.x through 2012.1.1, update to version 2012.1.2 or later. For OpenStack Compute (Nova) versions Folsom through Folsom-2, update to Folsom-3 or later. As a temporary workaround, consider restricting access to the virt/disk/api.py module to minimize the risk of exploitation.
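The weakness described above, a file write into a guest image that follows a symlink planted inside that image, is the kind of defect a path-walking guard prevents. The Python below is an added example written for this page; it is not code from OpenStack Nova or from the virt/disk/api.py module named in the advisory. It contrasts a naive write, which follows the planted link out of the image, with a guarded write that opens every path component beneath the image root with O_NOFOLLOW, so a symlinked file or directory inside the image is refused rather than followed. The image root, the planted links and the outside target file are all constructed in a temporary directory, and the function names are this example's own assumptions.

```python
import errno
import os
import tempfile


class UnsafePath(Exception):
    """A path component inside the image is a symlink or not a plain directory."""


def naive_inject(mount_root, rel_path, data):
    """The unsafe pattern: join the path and let open() follow any symlink."""
    with open(os.path.join(mount_root, rel_path), "wb") as f:
        f.write(data)


def guarded_inject(mount_root, rel_path, data):
    """Write rel_path under mount_root without ever following a symlink.

    Each directory component is opened relative to the previous one with
    O_DIRECTORY | O_NOFOLLOW, and the final file with O_NOFOLLOW, so a link
    planted anywhere in the image cannot redirect the write outside the root.
    """
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if os.path.isabs(rel_path) or not parts or ".." in parts:
        raise ValueError("refusing absolute or parent-relative path: %r" % rel_path)
    fds = [os.open(mount_root, os.O_RDONLY | os.O_DIRECTORY)]
    try:
        for part in parts[:-1]:
            fds.append(os.open(part, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                               dir_fd=fds[-1]))
        fd = os.open(parts[-1], os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
                     0o644, dir_fd=fds[-1])
        try:
            os.write(fd, data)
        finally:
            os.close(fd)
    except OSError as exc:
        # ELOOP: component is a symlink; ENOTDIR: component is not a directory.
        if exc.errno in (errno.ELOOP, errno.ENOTDIR):
            raise UnsafePath("unsafe component in %r: %s" % (rel_path, exc.strerror)) from exc
        raise
    finally:
        for fd in reversed(fds):
            os.close(fd)


def _read(path):
    with open(path, "rb") as f:
        return f.read()


def demo():
    """Constructed scenario (not from the advisory): a temp dir plays the mounted
    image root, a file beside it plays a host file that only root should write."""
    with tempfile.TemporaryDirectory() as base:
        outside = os.path.join(base, "outside_target")
        with open(outside, "wb") as f:
            f.write(b"original\n")
        root = os.path.join(base, "image_root")
        os.makedirs(os.path.join(root, "etc"))
        os.symlink(outside, os.path.join(root, "etc", "passwd"))  # planted file link
        os.symlink(base, os.path.join(root, "lib"))               # planted dir link
        result = {}

        naive_inject(root, "etc/passwd", b"tampered\n")
        result["naive_followed_symlink"] = _read(outside) == b"tampered\n"
        with open(outside, "wb") as f:
            f.write(b"original\n")

        try:
            guarded_inject(root, "etc/passwd", b"tampered\n")
            result["guarded_refused_file_link"] = False
        except UnsafePath:
            result["guarded_refused_file_link"] = True
        result["outside_untouched"] = _read(outside) == b"original\n"

        try:
            guarded_inject(root, "lib/hook", b"x\n")
            result["guarded_refused_dir_link"] = False
        except UnsafePath:
            result["guarded_refused_dir_link"] = True

        try:
            guarded_inject(root, "../escape", b"x\n")
            result["guarded_refused_parent"] = False
        except ValueError:
            result["guarded_refused_parent"] = True

        guarded_inject(root, "etc/hosts", b"127.0.0.1 localhost\n")
        result["guarded_wrote_plain_file"] = (
            _read(os.path.join(root, "etc", "hosts")) == b"127.0.0.1 localhost\n")
        return result


if __name__ == "__main__":
    for check, ok in demo().items():
        print("%-28s %s" % (check, "ok" if ok else "FAIL"))
```

The per-component walk matters more than a single realpath check: resolving the full path once and comparing it to the root still races against a link swapped in afterwards, whereas O_NOFOLLOW is enforced by the kernel at the moment each component is opened.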

Weakness Enumeration
Incorrect Authorization

Related Identifiers
CVE-2012-3447
GHSA-XC4G-7VW8-924H
PYSEC-2012-21

Affected Products

Openstack Compute