Bug 773639 - VUL-0: openstack-nova: symlink issues (CVE-2012-3360, CVE-2012-3361)
VUL-0: openstack-nova: symlink issues (CVE-2012-3360, CVE-2012-3361)
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Christoph Thiel
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-30 12:28 UTC by Marcus Meissner
Modified: 2012-07-30 15:35 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2012-07-30 12:28:55 UTC
is public, via cve db

(likely a dup, as matthias name is mentioned)


CVE-2012-3361: virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. 

CVE-2012-3361)
URL:https://lists.launchpad.net/openstack/msg14089.html
CONFIRM:https://bugs.launchpad.net/nova/+bug/1015531
CONFIRM:https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
CONFIRM:https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
CONFIRM:https://review.openstack.org/#/c/9268/ 


CVE-2012-3360: Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element. 

URL:https://lists.launchpad.net/openstack/msg14089.html
CONFIRM:https://bugs.launchpad.net/nova/+bug/1015531
CONFIRM:https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
CONFIRM:https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
Comment 1 Marcus Meissner 2012-07-30 14:55:53 UTC
probably also already fixed
Comment 2 Sascha Peilicke 2012-07-30 15:35:19 UTC
Yes