File Overwrite Vulnerability in OpenStack Compute Affecting Nova
CVE-2012-3447

Currently unrated

Key Information:

Vendor: OpenStack
CVE Published: 20 August 2012

Summary

A vulnerability in OpenStack Compute (Nova) allows remote authenticated users to overwrite arbitrary files through a symlink attack. The issue arises from insecure handling of symlinks in the virt/disk/api.py module. Exploitation relies on a user-created image that references symlinks accessible only to root, which puts file integrity at significant risk. The vulnerability is a consequence of an insufficiently addressed flaw from a previous CVE.
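The containment check that this class of bug calls for, as an added example that is not Nova's code or its fix: a plain `os.path.join` followed by `open` would follow a symlink planted in the image, so the target is fully resolved and compared against the mount root before any write. `resolve_within`, `inject_file`, `PathEscapesImage` and the temporary directory layout are hypothetical names and constructed data.

```python
import os
import tempfile


class PathEscapesImage(Exception):
    """Raised when a resolved target lies outside the mounted image root."""


def resolve_within(image_root, guest_path):
    """Return the real host path for guest_path, or raise if it leaves image_root."""
    # Assumption: this runs with the same privileges as the later write.
    # A checker that cannot read a link cannot resolve it.
    root = os.path.realpath(image_root)
    target = os.path.realpath(os.path.join(root, guest_path.lstrip("/")))
    if os.path.commonpath([root, target]) != root:
        raise PathEscapesImage(f"{guest_path!r} resolves to {target!r}")
    return target


def inject_file(image_root, guest_path, data):
    """Write data into the image only after the containment check passes."""
    target = resolve_within(image_root, guest_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w") as fh:
        fh.write(data)
    return target


def demo():
    """Constructed scenario: the image's /etc is a symlink to a host directory."""
    with tempfile.TemporaryDirectory() as tmp:
        host_dir = os.path.join(tmp, "host_etc")   # stands in for host files
        image_root = os.path.join(tmp, "mnt")      # stands in for the mounted image
        os.makedirs(host_dir)
        os.makedirs(os.path.join(image_root, "root"))
        os.symlink(host_dir, os.path.join(image_root, "etc"))
        written = inject_file(image_root, "/root/.ssh/authorized_keys", "key\n")
        try:
            inject_file(image_root, "/etc/passwd", "x\n")
            blocked = False
        except PathEscapesImage:
            blocked = True
        return {"inside_written": os.path.exists(written), "escape_blocked": blocked,
                "host_untouched": not os.listdir(host_dir)}


if __name__ == "__main__":
    print(demo())
```

The check-then-write sequence assumes nothing can modify the mounted tree between the two steps, as with an image mounted while its guest is not running.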
