OSSA-2012-008: Arbitrary file injection/corruption through directory traversal

Date:

July 03, 2012

CVE:

CVE-2012-3360, CVE-2012-3361

Affects

  • Nova: All versions

Description

Matthias Weckbecker from the SUSE Security team reported a vulnerability in the way Nova compute nodes handle file injection in disk images. By requesting files to be injected in malicious paths, a remote authenticated user could inject files in arbitrary locations on the host file system, potentially resulting in full compromise of the compute node. Only Essex and later setups running the OpenStack API over libvirt-based hypervisors are affected.

Upon further inspection of the code, Pádraig Brady from Red Hat found an additional vulnerability. By crafting a malicious image and requesting an instance based on it, a remote authenticated user may corrupt arbitrary files on the host file system, potentially resulting in a denial of service. This affects all setups.
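The path-confinement check that this class of bug calls for, as an added Python example (not Nova's code and not the patch for this advisory): a caller-supplied injection path is resolved and rejected if it lands outside the image root. The function names, the temporary-directory layout and the sample paths are constructed for illustration, and the symlink case goes beyond what the advisory text spells out.

```python
import os
import tempfile


class PathEscapeError(ValueError):
    """Requested injection path resolves outside the image root."""


def naive_join(image_root, requested):
    # Vulnerable pattern: trusts the caller-supplied path as-is, so ".."
    # components survive into the path that is later written to.
    return os.path.join(image_root, requested.lstrip("/"))


def confined_join(image_root, requested):
    # Resolve symlinks and ".." first, then require the result to stay
    # under the (also resolved) image root.
    root = os.path.realpath(image_root)
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise PathEscapeError(f"{requested!r} escapes {image_root!r}")
    return candidate


def demo():
    # Constructed layout: a temp dir standing in for a mounted guest image.
    results = {}
    with tempfile.TemporaryDirectory() as host:
        root = os.path.join(host, "mnt")
        os.makedirs(os.path.join(root, "etc"))
        # Symlink planted inside the "image" that points back at the host side.
        os.symlink(host, os.path.join(root, "escape"))
        for requested in ("/etc/motd", "../../outside.txt", "/escape/outside.txt"):
            try:
                confined_join(root, requested)
                results[requested] = "allowed"
            except PathEscapeError:
                results[requested] = "rejected"
    return results


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:8} {path}")
```

The check is only sound if the image contents cannot change between the check and the write; a check-then-use gap reopens the same escape.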

Patches

Credits

  • Matthias Weckbecker from SUSE (CVE-2012-3360, CVE-2012-3361)

  • Pádraig Brady from Red Hat (CVE-2012-3360, CVE-2012-3361)

References