Comment 10 for bug 1031311
Revision history for this message
| Thierry Carrez (ttx) wrote Re: CVE-2012-3361 not fully addressed | #10 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Thanks Steve. Adjusted title/description to match:
Title: Compute node filesystem injection/
Impact: Critical
Reporter: Pádraig Brady (Red Hat)
Products: Nova
Affects: All versions
Description:
Pádraig Brady from Red Hat discovered that the fix implemented for CVE-2012-3361 (OSSA-2012-008) was not covering all attack scenarios. By crafting a malicious image with root-readable-only symlinks and requesting a server based on it, an authenticated user could still corrupt arbitrary files (all setups affected) or inject arbitrary files (Essex and later setups with OpenStack API enabled and a libvirt-based hypervisor) on the host filesystem, potentially resulting in full compromise of that compute node.