File Overwrite Vulnerability in OpenStack Compute Affecting Nova
CVE-2012-3447

Currently unrated

Key Information:

Vendor: Openstack
Status: Nova; Folsom
Vendor: CVE Published:; 20 August 2012

Summary

The vulnerability in OpenStack Compute allows remote authenticated users to exploit symlink attacks, enabling them to overwrite arbitrary files. This issue arises specifically due to insecure handling of symlinks in the virt/disk/api.py module. The exploitation is facilitated when users create images that reference symlinks, which are accessible only to root, thereby posing a significant security risk for file integrity. The vulnerability is a consequence of an insufficiently addressed flaw from a previous CVE, highlighting the importance of robust security measures in cloud platforms.

References

https://github.com/openstack/nova/commit/ce4b2e27be45a85b...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2012/08/07/1

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/54869

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 20, 2012
Vulnerability Reserved
Jun 14, 2012