OSSA-2012-011: Compute node filesystem injection/corruption¶

Date:: August 07, 2012
CVE:: CVE-2012-3447

Affects¶

Nova: All versions

Description¶

Pádraig Brady from Red Hat discovered that the fix implemented for CVE-2012-3361 (OSSA-2012-008) was not covering all attack scenarios. By crafting a malicious image with root-readable-only symlinks and requesting a server based on it, an authenticated user could still corrupt arbitrary files (all setups affected) or inject arbitrary files (Essex and later setups with OpenStack API enabled and a libvirt-based hypervisor) on the host filesystem, potentially resulting in full compromise of that compute node.

Patches¶

https://review.openstack.org/#/c/10953 (Diablo)
https://review.openstack.org/#/c/10952 (Essex)
https://review.openstack.org/#/c/10951 (Folsom)

Credits¶

Pádraig Brady from Red Hat (CVE-2012-3447)

References¶

https://launchpad.net/bugs/1031311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3447

OSSA-2012-011: Compute node filesystem injection/corruption