Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2012-4406
Last Modified: 10 Apr 2013 11:30:54
Published: 22 Oct 2012 07:55:06
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-4406

Summary

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Vulnerable Systems

Application

  • OpenStack Swift 1.0.0
  • OpenStack Swift 1.0.1
  • OpenStack Swift 1.0.2
  • OpenStack Swift 1.1.0
  • OpenStack Swift 1.2.0
  • OpenStack Swift 1.3.0
  • OpenStack Swift 1.4.0
  • OpenStack Swift 1.4.1
  • OpenStack Swift 1.4.2
  • OpenStack Swift 1.4.3
  • OpenStack Swift 1.4.4
  • OpenStack Swift 1.4.5
  • OpenStack Swift 1.4.6
  • OpenStack Swift 1.4.7
  • OpenStack Swift 1.4.8
  • OpenStack Swift 1.5.0
  • OpenStack Swift 1.6.0


References

CONFIRM - https://launchpad.net/swift/+milestone/1.7.0

CONFIRM - https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=854757

CONFIRM - https://bugs.launchpad.net/swift/+bug/1006414

XF - openstack-swift-loads-code-exec(79140)

BID - 55420

MLIST - [oss-security] 20120905 CVE-Request: openstack pickle de-serialization

MLIST - [oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization

REDHAT - RHSA-2012:1379

FEDORA - FEDORA-2012-15098

REDHAT - RHSA-2013:0691


Last Updated: 27 May 2016 11:01:14