Symlink Attack Vulnerability in OpenStack Compute by OpenStack
CVE-2012-3361

Currently unrated

Key Information:

Vendor: Openstack
Status: Essex; Folsom; Diablo
Vendor: CVE Published:; 22 July 2012

Summary

The vulnerability in OpenStack Compute (Nova) allows authenticated users to exploit symlink attacks, resulting in the potential overwriting of arbitrary files in an image. This issue stems from the inadequacy in file handling within virt/disk/api.py, affecting multiple versions such as Folsom, Essex, and Diablo.

References

http://secunia.com/advisories/49763

third-party-advisoryx_refsource_SECUNIA

https://review.openstack.org/#/c/9268/

x_refsource_CONFIRM

http://www.securityfocus.com/bid/54278

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 22, 2012
Vulnerability Reserved
Jun 14, 2012