Contact Us
SECURITY BLOG SECURITY DASHBOARD PARTNERS PRODUCTS JOBS SERVICES COMPANY HOME
 
Security Dashboard | US-CERTs | SecurityFocus | Advisories | Exploits | Threats | Vulnerabilities | Risks
Network Security Consulting Advisories Article

OpenStack Nova CVE-2012-3360 Remote Code Injection Vulnerability

http://www.securityfocus.com/bid/54277

Security Info

Bugtraq ID: 54277
Class: Input Validation Error
CVE: CVE-2012-3360
Remote: Yes
Local: No
Published: Jul 03 2012 12:00AM
Updated: Jul 04 2012 02:00PM
Credit: Matthias Weckbecker
Vulnerable: Ubuntu Ubuntu Linux 12.04 LTS i386
Ubuntu Ubuntu Linux 12.04 LTS amd64
Ubuntu Ubuntu Linux 11.10 i386
Ubuntu Ubuntu Linux 11.10 amd64
OpenStack Dashboard (Horizon) 2012.1
Not Vulnerable:

Security Discussion

OpenStack Nova is prone to a remote code-injection vulnerability.

An attacker can exploit this issue to inject and execute arbitrary code with root privileges. Successful exploits will completely compromise affected computers.

Proof of Concept and Security Exploits

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Security Solution(s)

Solution:
Vendor updates are available. Please see the references for more information.

Security References(s)

References:

Contact Us

Security Penetration Testing

Security Questions

Security Dashboard

Emagined Security Blog featuring Dr. Eugene Schultz
Site Updated May 21, 2013
©2000-2013 Emagined Security
All Rights Reserved

Secure Web Programming
by Vizual Services