← Back to team overview

openstack team mailing list archive

[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

OpenStack Security Advisory: 2012-011
CVE: CVE-2012-3447
Date: August 7, 2012
Title: Compute node filesystem injection/corruption
Impact: Critical
Reporter: Pádraig Brady (Red Hat)
Products: Nova
Affects: All versions

Description:
Pádraig Brady from Red Hat discovered that the fix implemented for
CVE-2012-3361 (OSSA-2012-008) was not covering all attack scenarios. By
crafting a malicious image with root-readable-only symlinks and
requesting a server based on it, an authenticated user could still
corrupt arbitrary files (all setups affected) or inject arbitrary files
(Essex and later setups with OpenStack API enabled and a libvirt-based
hypervisor) on the host filesystem, potentially resulting in full
compromise of that compute node.

Folsom fix:
https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3

Essex fix:
https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368

Diablo fix:
https://review.openstack.org/#/c/10953/

References:
https://bugs.launchpad.net/nova/+bug/1031311
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-3447

Notes:
This fix will be included in the upcoming Nova 2012.1.2 stable update
(due Thursday) and the Folsom-3 development milestone (due next week).

- -- 
Thierry Carrez (ttx)
OpenStack Vulnerability Management Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBCAAGBQJQIXv+AAoJEFB6+JAlsQQjnJUQAI+Vp+GCMXAei/ktStVFrkXC
ilgIjBB5mcbrj/TGlnqhkS0MB0+kmo8Ucy4tI0O+gAqYaPNcEp6bbGr5pOby8Gdk
DehvQuTi4Rvvypnb7ORM+DjqPBtNGGMWKJzO84ls98Ev0z+6Soi4vmQal78wvwpX
3UbyqZG9P85QlDyyK+x/Af2D0YVCQffQ93/7UJi2OwB0hwHy+RS4WN7rYJGD2vh0
50jQYSgw/rrBSUPNupjEH+mXT/DM93z93qWmxHD6TYYUK9MmrfkfUPx8Ki8Fn5oQ
9znwXsIK5h3uexe2dHbABKaIm3AnMP3wCrKynEEjFV/no00r/Evm2zsdam31O3Bv
DV8ng6sdSnvltQK2s8F3blp3tNpsAp12QkC0BDI9FlYAACdaTBnDcVhKh4HoO84T
cRakJhfj23472GgmwwkIcPNEcfY1fWngUqN4rF2XUggtXzeEHyyqoiZIm4s4ns5+
DkSCmo5qBNbcos1C0BNeyPQ+wdF5U7wzQfggC6SRoKcPj/Mp8P5LCvgjPKwNtBuq
gzAVPSlx0Zehlqqey8zkUUGQ4btxiKP5+iwrKajY6QfqgtkqEsG46GR+tm+ygDNR
T8ltuixqMWpLPVUFZClaxV0MytSMdjhIgywkzyqHg9bzP4N3MztsGnIBPdQ0HC3a
P85xQ28EFbBC5tIZ4WRe
=C2MN
-----END PGP SIGNATURE-----


Follow ups