Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.5
CVSSv2

CVE-2012-3361

Published: 22/07/2012 Updated: 17/08/2012
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Subscribe to Essex

Vulnerability Summary

virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

openstack essex 2012.1

openstack folsom 2012.2

openstack diablo 2011.3

Vendor Advisories

Debian CVElist Bug Report Logs: nova: Arbitrary file injection/corruption through directory traversal
Debian Bug report logs - #680110 nova: Arbitrary file injection/corruption through directory traversal Package: nova; Maintainer for nova is Debian OpenStack <team+openstack@trackerdebianorg>; Reported by: Yves-Alexis Perez <corsac@debianorg> Date: Tue, 3 Jul 2012 16:51:02 UTC Severity: grave Tags: security Fixe ...
Ubuntu Security Notice: nova vulnerability
Nova could be made to overwrite or corrupt arbitrary files in the compute host file system ...
Ubuntu Security Notice: nova vulnerabilities
Nova could be made to overwrite or corrupt arbitrary files in the compute host file system ...

References

CWE-264http://secunia.com/advisories/49802https://review.openstack.org/#/c/9268/https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9https://bugs.launchpad.net/nova/+bug/1015531https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7http://www.securityfocus.com/bid/54278http://www.ubuntu.com/usn/USN-1497-1http://secunia.com/advisories/49763https://lists.launchpad.net/openstack/msg14089.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680110https://usn.ubuntu.com/1545-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAPCVE-2024-4367server-side request forgeryinformation disclosureCVE-2024-34342CVE-2024-4281CVE-2024-3507CVE-2024-25560CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook