CVE-2012-3447

Publication date 10 August 2012

Last updated 24 July 2024

Ubuntu priority

virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
nova	12.10 quantal	Not affected
	12.04 LTS precise	Fixed 2012.1+stable~20120612-3ee026e-0ubuntu1.3
	11.10 oneiric	Fixed 2011.3-0ubuntu6.10
	11.04 natty	Ignored end of life
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
nova	Upstream: ce4b2e2 Upstream: d9577ce Upstream: https://review.openstack.org/#/c/10953/

CVE-2012-3447

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references