NVD

Id
45042  
Name
CVE-2012-3447  
Description
virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.  
Reject
 
CVSS Version
2  
CVSS Score
4.9  
Severity
Medium  
CVSS Base Score
4.9  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:N/I:P/A:P)  
Pub Date
2017-01-19  
Published
2012-08-20  
Modified Date
2012-08-21  
Seq
2012-3447  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
225823 45042 CVE-2012-3447 [oss-security] 20120807 [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)  View
225824 45042 CVE-2012-3447 54869  View
225825 45042 CVE-2012-3447 openstack-nova-code-execution(77539)  View
225826 45042 CVE-2012-3447 https://bugs.launchpad.net/nova/+bug/1031311  View
225827 45042 CVE-2012-3447 https://bugzilla.redhat.com/show_bug.cgi?id=845106  View
225828 45042 CVE-2012-3447 https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3  View
225829 45042 CVE-2012-3447 https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368  View
225830 45042 CVE-2012-3447 https://review.openstack.org/#/c/10953/  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
28067 JVNDB-2012-003774 OpenStack Compute (Nova) の virt/disk/api.py における任意のファイルを上書される脆弱性 OpenStack Compute (Nova) の virt/disk/api.py には、任意のファイルを上書される脆弱性が存在します。 CVE-2012-3447 56685 CVE-2012-3447 45042 4.9 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003774.html 2012-07-31 2012-08-22 View