Showing 1 - 3 of 3

CVE-2012-4406

Status Candidate

Overview

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Related Files

Ubuntu Security Notice USN-1887-1: Posted Jun 21, 2013; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 1887-1 - Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this new option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only affected Ubuntu 12.04 LTS. Alex Gaynor discovered that Swift did not safely generate XML. An attacker could potentially craft an account name to generate arbitrary XML responses to trigger vulnerabilties in software parsing Swift's XML. Various other issues were also addressed.; tags | advisory, remote, arbitrary, python; systems | linux, ubuntu; advisories | CVE-2012-4406, CVE-2013-2161, CVE-2012-4406, CVE-2013-2161; SHA-256 | 5b0ad4a79955b664e4b569e89066b103b2e70a89a066264da404f903535c5dfa; Download | Favorite | View

Red Hat Security Advisory 2013-0691-01: Posted Mar 29, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-0691-01 - Red Hat Storage is a software only, scale-out storage solution that provides flexible and agile unstructured data storage for the enterprise. A flaw was found in the way the Swift component used Python pickle. This could lead to arbitrary code execution. With this update, the JSON format is used. Multiple insecure temporary file creation flaws were found in Red Hat Storage. A local user on the Red Hat Storage server could use these flaws to cause arbitrary files to be overwritten as the root user via a symbolic link attack.; tags | advisory, arbitrary, local, root, code execution, python; systems | linux, redhat; advisories | CVE-2012-4406, CVE-2012-5635, CVE-2012-5638; SHA-256 | bcd07c0db9e96622fb592f3bc2cdf309f96bf245b0da02f1ed7333420a00e28f; Download | Favorite | View

Red Hat Security Advisory 2012-1379-01: Posted Oct 17, 2012; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2012-1379-01 - OpenStack Swift is a highly available, distributed, eventually consistent object/blob store. It was found that OpenStack Swift used the Python pickle module in an insecure way to serialize and deserialize data from memcached. As memcached does not have authentication, an attacker on the local network, or possibly an unprivileged user in a virtual machine hosted on OpenStack, could use this flaw to inject specially-crafted data that would lead to arbitrary code execution.; tags | advisory, arbitrary, local, code execution, python; systems | linux, redhat; advisories | CVE-2012-4406; SHA-256 | c5b2ef344dad56952873d987a833f8e629ea5a50cc482876c0c63e40c6efc365; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 286 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 6 files
Milad Karimi 4 files
Google Security Research 3 files
Adam Gowdiak 3 files
kai6u 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,028)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,483)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,509)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,710)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,395)
UnixWare (187)
Windows (6,653)
Other

CVE-2012-4406

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems