CVE-2012-3447

Published: 20/08/2012 Updated: 07/11/2023
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
VMScore: 436
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:P

Vulnerability Summary

virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x prior to 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.

Vulnerable Product

openstack nova 2012.1

openstack folsom

Vendor Advisories

Nova could be made to overwrite or corrupt arbitrary files in the compute host file system ...
Debian Bug report logs - #684256
CVE-2012-3447: file injection writing to host filesystem
Package: nova; Maintainer for nova is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Thomas Goirand <zigo@debian.org>
Date: Wed, 8 Aug 2012 04:21:02 UTC
Severity: critical
Found in version 2012.1.1-5
Fixed ...