Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4596

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2011-4596
Last Modified 26 Dec 2011 12:00:00
Published 23 Dec 2011 05:55:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2011-4596

Summary

Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.

Vulnerable Systems

Application

  • Openstack Compute 2011.3


References

MLIST - [openstack] 20111213 [OSSA 2011-001] Path traversal issues registering malicious images using EC2 API (CVE-2011-4596)

CONFIRM - https://github.com/openstack/nova/commit/ad3241929ea00569c74505ed002208ce360c667e

CONFIRM - https://github.com/openstack/nova/commit/76363226bd8533256f7795bba358d7f4b8a6c9e6

CONFIRM - https://bugs.launchpad.net/nova/+bug/894755

CONFIRM - https://bugs.launchpad.net/nova/+bug/885167


Last Updated: 27 May 2016 10:57:16