845106 – (CVE-2012-3447) CVE-2012-3447 OpenStack-Nova: compute nodes disk image file corruption, incomplete fix for CVE-2012-3361 (OSSA 2012-011)

Bug 845106 (CVE-2012-3447) - CVE-2012-3447 OpenStack-Nova: compute nodes disk image file corruption, incomplete fix for CVE-2012-3361 (OSSA 2012-011)

Summary: CVE-2012-3447 OpenStack-Nova: compute nodes disk image file corruption, incom...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-3447
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	846624 846625
Blocks:
TreeView+	depends on / blocked

Reported:	2012-08-01 19:13 UTC by Kurt Seifried
Modified:	2019-09-29 12:54 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-08-09 04:32:39 UTC
Embargoed:

Attachments	(Terms of Use)
Patch for CVE-2012-3447 for essex (1.93 KB, patch) 2012-08-01 19:17 UTC, Kurt Seifried	no flags	Details \| Diff
Patch for CVE-2012-3447 for folsom (1.35 KB, patch) 2012-08-01 19:17 UTC, Kurt Seifried	no flags	Details \| Diff
View All

Description Kurt Seifried 2012-08-01 19:13:41 UTC

Thierry Carrez <thierry> reports:

Pádraig Brady from Red Hat discovered that the fix implemented for
CVE-2012-3361 (OSSA-2012-008) was not covering all attack scenarios. By
crafting a malicious image with root-readable-only symlinks and
requesting a server based on it, an authenticated user could still
corrupt arbitrary files (all setups affected) or inject arbitrary files
(Essex and later setups with OpenStack API enabled and a libvirt-based
hypervisor) on the host filesystem, potentially resulting in full
compromise of that compute node.

Comment 1 Kurt Seifried 2012-08-01 19:17:13 UTC

Created attachment 601803 [details]
Patch for CVE-2012-3447 for essex

Comment 2 Kurt Seifried 2012-08-01 19:17:37 UTC

Created attachment 601804 [details]
Patch for CVE-2012-3447 for folsom

Comment 3 Tomas Hoger 2012-08-08 09:33:16 UTC

References:

http://thread.gmane.org/gmane.comp.security.oss.general/8126
https://bugs.launchpad.net/nova/+bug/1031311

Comment 4 Tomas Hoger 2012-08-08 09:34:36 UTC

Created openstack-nova tracking bugs for this issue

Affects: fedora-all [bug 846624]
Affects: epel-6 [bug 846625]

Note You need to log in before you can comment on or make changes to this bug.