Name of the Vulnerable Software and Affected Versions OpenStack Compute (Nova) versions 2011.3 through 2012.2

Description The issue allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. This is due to a problem in the virt/disk/api.py file.

Recommendations For versions 2011.3 through 2012.2, consider restricting access to the vulnerable virt/disk/api.py file until a patch is available. As a temporary workaround, avoid using the image functionality in OpenStack Compute (Nova) to minimize the risk of exploitation.