Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Nova
дополнено с 9 июля 2012 г.
Опубликовано:27 августа 2012 г.
Источник:
SecurityVulns ID:12461
Тип:локальная
Уровень опасности:
5/10
Описание:Повышение привилегий, DoS.
CVE:CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.)
 CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section.)
 CVE-2012-3361 (virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.)
 CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. (dot dot) in the path attribute of a file element.)
Оригинальный текстdocumentUBUNTU, [USN-1545-1] Nova vulnerability (27.08.2012)
 documentUBUNTU, [USN-1497-1] Nova vulnerabilities (09.07.2012)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород