Bug 867302 - (CVE-2012-6639) VUL-0: CVE-2012-6639: cloud-init: might access random "instance-data.local.domain" host
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P5 - None
Severity: Normal
Target Milestone: ---
Assigned To: Robert Schweikert
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/96853/
Whiteboard: maint:running:56555:moderate CVSSv2:R...
Keywords:
Depends on:
Blocks:
Reported: 2014-03-07 07:20 UTC by Marcus Meissner
Modified: 2020-04-01 22:10 UTC
CC: 4 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2014-03-07 07:20:05 UTC
via oss-sec

Date: Thu, 06 Mar 2014 15:22:06 +0100
From: Florian Weimer <fweimer@redhat.com>
Subject: [oss-security] CVE request: cloud-init DNS resolution fix

Prior to version 0.7.0, cloud-init could send requests for EC2 instance data to untrusted systems:

https://bugs.launchpad.net/cloud-init/+bug/1040200
http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/revision/635

This could allow someone who has control over a suitable domain name to obtain root rights on an affected system.

This was reported and fixed silently in 2012, so it would need a 2012 CVE name.

(This issue is not specific to cloud-init, there seem to be some wget scripts out there which exhibit the same behavior, but it's probably some custom stuff that's not distributed anywhere, so no CVE is needed for that.)

--
Florian Weimer / Red Hat Product Security Team

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1073591
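Added example, not code from cloud-init or from this bug report. The report above says cloud-init could send its EC2 metadata request to an untrusted system when the unqualified hostname "instance-data" was expanded by the resolver's search list into something like "instance-data.local.domain"; whoever controls that domain then serves the user-data that cloud-init runs as root. The snippet below models that search-list expansion offline (a simplified version of glibc's ndots/search semantics, not a real DNS lookup) and shows one hardening: only accept metadata URLs that name the link-local metadata address literally or use an absolute (trailing-dot) hostname, which the search list never touches. The search domain, URLs and the `vet_metadata_urls` helper are constructed for the example; what cloud-init itself changed is in the linked revision 635, not reproduced here.

```python
"""Offline model of the cloud-init CVE-2012-6639 failure mode and one check
that refuses metadata URLs which DNS search-list expansion could redirect.

Constructed example: hostnames, search domains and URLs are made up for the
demonstration. The resolver logic is a simplified model, not glibc itself.
"""
import ipaddress
from urllib.parse import urlparse

# Constructed: a guest whose DHCP lease handed out this search domain. An
# attacker who controls "local.domain" can answer for
# "instance-data.local.domain".
SEARCH_DOMAINS = ["local.domain"]
NDOTS = 1  # glibc default for resolv.conf "options ndots"

# The only address where EC2-style instance metadata legitimately lives.
METADATA_LINK_LOCAL = ipaddress.ip_address("169.254.169.254")


def candidate_names(hostname: str, search: list[str] = SEARCH_DOMAINS,
                    ndots: int = NDOTS) -> list[str]:
    """Return the names a stub resolver would try, in order.

    Simplified glibc behaviour: an absolute name (trailing dot) is tried as
    given and search domains are never appended; a relative name with fewer
    than `ndots` dots is tried with each search domain appended first and
    only then as given; other relative names are tried as given first.
    """
    if hostname.endswith("."):
        return [hostname]
    expanded = [f"{hostname}.{domain}" for domain in search]
    if hostname.count(".") < ndots:
        return expanded + [hostname]
    return [hostname] + expanded


def is_safe_metadata_url(url: str) -> bool:
    """Accept only URLs whose host cannot be redirected by the search list.

    A literal link-local metadata address is fine; a hostname is fine only
    if it is absolute (trailing dot). An unqualified name such as
    "instance-data" or any other IP address is rejected.
    """
    host = urlparse(url).hostname
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal, so it is a hostname: the search list is only
        # bypassed for absolute names.
        return host.endswith(".")
    return addr == METADATA_LINK_LOCAL


def vet_metadata_urls(urls: list[str]) -> tuple[list[str], list[str]]:
    """Split a candidate metadata URL list into (accepted, rejected),
    preserving order. Constructed helper for the example."""
    accepted = [u for u in urls if is_safe_metadata_url(u)]
    rejected = [u for u in urls if not is_safe_metadata_url(u)]
    return accepted, rejected


if __name__ == "__main__":
    # The pre-fix shape of the problem: an unqualified name gets the
    # attacker-controlled search domain appended before anything else.
    for name in ("instance-data", "instance-data."):
        print(f"{name!r} resolves via: {candidate_names(name)}")

    # Constructed candidate list mixing the dangerous and the safe forms.
    accepted, rejected = vet_metadata_urls([
        "http://169.254.169.254",
        "http://instance-data:8773",
        "http://instance-data.:8773",
        "http://10.0.0.5",
    ])
    print("accepted:", accepted)
    print("rejected:", rejected)
```

The check is deliberately conservative: it treats every relative hostname as unsafe rather than trying to guess whether the local search list is benign, because the search list comes from DHCP and is under the same trust boundary as the network the report is worried about.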
Comment 1 Swamp Workflow Management 2014-03-07 07:22:15 UTC
The SWAMPID for this issue is 56555.
This issue was rated as moderate.
Please submit fixed packages until 2014-03-21.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 SMASH SMASH 2014-03-07 07:25:13 UTC
Affected packages:

SLE-11-SP3-PRODUCTS: cloud-init
SLE-11-SP3: cloud-init
SLE-11-SP2-PRODUCTS: cloud-init
SLE-11-SP2: cloud-init
Comment 3 Marcus Meissner 2014-03-07 07:27:19 UTC
revising last comment ... 

is_maintained cloud-init
<empty>

Is cloud-init not used anymore?
Comment 4 Vincent Untz 2014-03-07 08:13:29 UTC
It's maintained by Robert, not by the SUSE Cloud team.
Comment 10 Marcus Meissner 2014-03-07 14:46:26 UTC
As we do not ship this anymore, and PubCloud uses 0.7.x, we can consider this fixed.