Lucene search

[email protected]CVE-2012-3447

HistoryAug 20, 2012 - 6:55 p.m.

CVE-2012-3447

2012-08-2018:55:00

CWE-264

[email protected]

web.nvd.nist.gov

openstack

nova

folsom

cve-2012-3447

nvd

symlink attack

security vulnerability

6.2 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

JSON

virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.

CPENameOperatorVersion
openstack:novaopenstack novaeq2012.1
openstack:folsomopenstack folsomeq*

CPE	Name	Operator	Version
openstack:nova	openstack nova	eq	2012.1
openstack:folsom	openstack folsom	eq	*

References

www.openwall.com/lists/oss-security/2012/08/07/1

www.securityfocus.com/bid/54869

bugs.launchpad.net/nova/+bug/1031311

bugzilla.redhat.com/show_bug.cgi?id=845106

exchange.xforce.ibmcloud.com/vulnerabilities/77539

github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3

github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368

review.openstack.org/#/c/10953/

6.2 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for CVE-2012-3447

securityvulns3 ubuntucve2 github1 openvas14 osv1 ubuntu2 prion2 nessus5 debiancve2 cvelist2 fedora3 cve1