5.5

CVE-2012-3361

Exploit
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackDiablo Version2011.3
OpenstackEssex Version2012.1
OpenstackFolsom Version2012.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.58% 0.832
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:N/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html
http://secunia.com/advisories/49763
Vendor Advisory
http://secunia.com/advisories/49802
Vendor Advisory
http://www.ubuntu.com/usn/USN-1497-1
https://bugs.launchpad.net/nova/+bug/1015531
https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7
Patch
Exploit
https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9
Patch
Exploit
https://lists.launchpad.net/openstack/msg14089.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html
http://www.securityfocus.com/bid/54278
https://review.openstack.org/#/c/9268/