Thierry Carrez <thierry> reports: Title: Arbitrary file injection/corruption through directory traversal issues Impact: Critical Reporter: Matthias Weckbecker (SUSE Security team) Description: Matthias Weckbecker from SUSE Security team reported a vulnerability in Nova compute nodes handling of file injection in disk images. By requesting files to be injected in malicious paths, a remote authenticated user could inject files in arbitrary locations on the host file system, potentially resulting in full compromise of the compute node. Only Essex and later setups running the OpenStack API over libvirt-based hypervisors are affected.
This is public now www.openwall.com/lists/oss-security/2012/07/03/2 filing trackers
References: https://bugs.launchpad.net/nova/+bug/1015531 http://www.openwall.com/lists/oss-security/2012/07/03/2 Fixes: Folsom: https://github.com/openstack/nova/commit/2427d4a99bed35baefd8f17ba422cb7aae8dcca7 Essex: https://github.com/openstack/nova/commit/b0feaffdb2b1c51182b8dce41b367f3449af5dd9 Diablo: see patch at https://review.openstack.org/9268
Created openstack-nova tracking bugs for this issue Affects: fedora-all [bug 844036]
Created openstack-nova tracking bugs for this issue Affects: epel-6 [bug 844040]