CVE-2012-3361

Published: Jul 22, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

49763

third-party-advisory

x_refsource_SECUNIA

https://review.openstack.org/#/c/9268/

x_refsource_CONFIRM

54278

vdb-entry

x_refsource_BID

https://bugs.launchpad.net/nova/+bug/1015531

x_refsource_CONFIRM

49802

third-party-advisory

x_refsource_SECUNIA

FEDORA-2012-10418

vendor-advisory

x_refsource_FEDORA

[openstack] 20120603 [OSSA 2012-008] Arbitrary file injection/corruption through directory traversal issues (CVE-2012-3360, CVE-2012-3361)

mailing-list

x_refsource_MLIST

FEDORA-2012-10420

vendor-advisory

x_refsource_FEDORA

https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7

x_refsource_CONFIRM

https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9

x_refsource_CONFIRM

USN-1497-1

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2012-3361

Description

Affected Products

References