1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
PublicDateAtUSN: 2012-07-03 15:00:00
Candidate: CVE-2012-3361
CRD: 2012-07-03 15:00:00
PublicDate: 2012-07-22
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3361
http://www.ubuntu.com/usn/usn-1497-1
Description:
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex
(2012.1), and Diablo (2011.3) allows remote authenticated users to
overwrite arbitrary files via a symlink attack on a file in an image.
Ubuntu-Description:
Notes:
tyhicks> Per OpenStack Vuln Mgmt Team, all Nova versions are affected
tyhicks> The fix for this CVE was incomplete, see CVE-2012-3447
Bugs:
https://bugs.launchpad.net/nova/+bug/1015531
Priority: medium
Discovered-by: Pádraig Brady
Assigned-to:
Patches_nova:
upstream_nova: not-affected (2012.2~f2)
hardy_nova: DNE
lucid_nova: DNE
natty_nova: ignored (reached end-of-life)
oneiric_nova: released (2011.3-0ubuntu6.9)
precise_nova: released (2012.1+stable~20120612-3ee026e-0ubuntu1.1)
quantal_nova: not-affected (2012.2~f2-0ubuntu1)
devel_nova: not-affected (2012.2~f2-0ubuntu1)
|