CVE-2012-3361

Publication date 3 July 2012

Last updated 24 July 2024

Ubuntu priority

virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
nova	12.10 quantal	Not affected
	12.04 LTS precise	Fixed 2012.1+stable~20120612-3ee026e-0ubuntu1.1
	11.10 oneiric	Fixed 2011.3-0ubuntu6.9
	11.04 natty	Ignored
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

How can I get the fixes?
What do statuses mean?

Notes

tyhicks

Per OpenStack Vuln Mgmt Team, all Nova versions are affected The fix for this CVE was incomplete, see CVE-2012-3447

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1497-1
Nova vulnerabilities
3 July 2012

Other references

https://www.cve.org/CVERecord?id=CVE-2012-3361