CVE-2012-3361
Ubuntu Security Notice USN-1497-1
Public Exploits: 2
Exploited in Wild: -
Descriptions
virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.
Matthias Weckbecker discovered that, when using the OpenStack API to set up libvirt-based hypervisors, an authenticated user could inject files in arbitrary locations on the file system of the host running Nova. A remote attacker could use this to gain root privileges. This issue only affects Ubuntu 12.04 LTS. Padraig Brady discovered that an authenticated user could corrupt arbitrary files of the host running Nova. A remote attacker could use this to cause a denial of service or possibly gain privileges. Various other issues were also addressed.
SSVC
- Decision: -
Timeline
- 2012-06-14 CVE Reserved
- 2012-07-03 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (11)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/54278 | Vdb Entry | |
https://bugs.launchpad.net/nova/+bug/1015531 | X_refsource_confirm | |
https://lists.launchpad.net/openstack/msg14089.html | Mailing List | |
https://review.openstack.org/#/c/9268 | X_refsource_confirm |
URL | Date | SRC |
---|---|---|
https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7 | 2024-08-06 | |
https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9 | 2024-08-06 |
URL | Date | SRC |
---|---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083969.html | 2012-08-17 | |
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083984.html | 2012-08-17 | |
http://secunia.com/advisories/49763 | 2012-08-17 | |
http://secunia.com/advisories/49802 | 2012-08-17 | |
http://www.ubuntu.com/usn/USN-1497-1 | 2012-08-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Openstack | Diablo | 2011.3 | - | Affected |
Openstack | Essex | 2012.1 | - | Affected |
Openstack | Folsom | 2012.2 | - | Affected |