CVE-2011-4596
Ubuntu Security Notice USN-1305-1
Descriptions
Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
Multiple directory traversal vulnerabilities in OpenStack Nova before v2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, when register_globals is enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
David Black discovered that Nova did not properly perform input validation during image registration. An attacker could exploit this by registering a crafted image using the EC2 API or S3/RegisterImage method and overwrite files as the nova user.
Timeline
- 2011-11-29 CVE Reserved
- 2011-12-13 CVE Published
- 2024-08-07 CVE Updated
- 2025-08-23 EPSS Updated
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (5)
URL | Tag | Source |
---|---|---|
https://bugs.launchpad.net/nova/+bug/885167 | Third Party Advisory | |
https://bugs.launchpad.net/nova/+bug/894755 | Third Party Advisory | |
https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6 | Third Party Advisory | |
https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e | Third Party Advisory | |
https://lists.launchpad.net/openstack/msg06105.html | Mailing List | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openstack | Nova | >= 2011.3 < 2011.3.1 | - | Affected |