CVE-2012-3360

Published: 22/07/2012 Updated: 17/08/2012
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

Vulnerability Summary

Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.
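The path-confinement check that this class of bug calls for, as an added example (not Nova's code and not taken from the advisory): it resolves the requested path and rejects it if the result is outside the image root, which also covers a symlink inside the image that points back out. The function names, the temporary directory layout and the sample paths are constructed for illustration.

```python
import os
import tempfile


def naive_join(image_root, injected_path):
    """Vulnerable pattern: trusts the caller-supplied path attribute."""
    return os.path.join(image_root, injected_path.lstrip("/"))


def confined_join(image_root, injected_path):
    """Resolve the path and refuse anything that lands outside image_root."""
    root = os.path.realpath(image_root)
    candidate = os.path.realpath(os.path.join(root, injected_path.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError("injected file path escapes image root: %r" % injected_path)
    return candidate


def demo():
    """Run both joins over constructed sample paths; return what each does."""
    results = {}
    with tempfile.TemporaryDirectory() as host:
        # Constructed layout: 'root' stands in for the mounted guest image.
        root = os.path.join(host, "mnt", "image")
        os.makedirs(os.path.join(root, "etc"))
        # A symlink inside the image that points back out to the host directory.
        os.symlink(host, os.path.join(root, "etc", "out"))
        real_root = os.path.realpath(root)
        for path in ("/etc/motd", "../../outside.txt", "etc/out/outside.txt"):
            naive = os.path.realpath(naive_join(root, path))
            naive_escapes = os.path.commonpath([real_root, naive]) != real_root
            try:
                confined_join(root, path)
                verdict = "allowed"
            except ValueError:
                verdict = "rejected"
            results[path] = (naive_escapes, verdict)
    return results


if __name__ == "__main__":
    for path, (escapes, verdict) in demo().items():
        print(f"{path!r}: naive join escapes={escapes}, confined join={verdict}")
```

The check only holds if the write then goes to the resolved path it returns and the image contents cannot change between the check and the write.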

Vulnerable Product

openstack essex 2012.1

openstack folsom 2012.2

Vendor Advisories

Nova could be made to overwrite or corrupt arbitrary files in the compute host file system ...
Debian Bug report logs - #680110: nova: Arbitrary file injection/corruption through directory traversal
Package: nova; Maintainer for nova is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Yves-Alexis Perez <corsac@debian.org>; Date: Tue, 3 Jul 2012 16:51:02 UTC; Severity: grave; Tags: security; Fixe ...