CVE-2012-3447

CWE-264CWE-863Incorrect Authorization10 documents7 sources
Severity
4.9MEDIUM
EPSS
0.9%
top 23.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Nova
Timeline
PublishedAug 20
Latest updateMay 17

Description

virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 6.8 | Impact: 4.9

Affected Packages3 packages

NVDopenstack/nova2012.1
PyPInova< 12.0.0
Debiannova< 2012.1.1-6+3

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
Arbitrary file overwrite in OpenStack Nova2022-05-17
GHSA
Arbitrary file overwrite in OpenStack Nova2022-05-17
OSV
CVE-2012-3447: virt/disk/api2012-08-20
CVEList
CVE-2012-3447: virt/disk/api2012-08-20

📋Vendor Advisories

2
Ubuntu
Nova vulnerability2012-08-22
Debian
CVE-2012-3447: nova - virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom...2012

💬Community

3
Bugzilla
CVE-2012-3447 OpenStack-Nova: compute nodes disk image file corruption (incomplete fix for CVE-2012-3361) [fedora-all]2012-08-08
Bugzilla
CVE-2012-3447 OpenStack-Nova: compute nodes disk image file corruption (incomplete fix for CVE-2012-3361) [epel-6]2012-08-08
Bugzilla
CVE-2012-3447 OpenStack-Nova: compute nodes disk image file corruption, incomplete fix for CVE-2012-3361 (OSSA 2012-011)2012-08-01