CVE-2012-3360

Published: 22/07/2012 Updated: 17/08/2012
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.

Vulnerable Product

openstack folsom 2012.2

openstack essex 2012.1

Vendor Advisories

Debian Bug report logs - #680110: nova: Arbitrary file injection/corruption through directory traversal. Package: nova; Maintainer for nova is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Yves-Alexis Perez <corsac@debian.org>; Date: Tue, 3 Jul 2012 16:51:02 UTC; Severity: grave; Tags: security; Fixe ...
Nova could be made to overwrite or corrupt arbitrary files in the compute host file system ...