OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html | Mailing List |
http://rhn.redhat.com/errata/RHSA-2012-1379.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0691.html | Not Applicable |
http://www.openwall.com/lists/oss-security/2012/09/05/16 | Mailing List |
http://www.openwall.com/lists/oss-security/2012/09/05/4 | Mailing List |
http://www.securityfocus.com/bid/55420 | Broken Link |
https://bugs.launchpad.net/swift/+bug/1006414 | Issue Tracking Patch |
https://bugzilla.redhat.com/show_bug.cgi?id=854757 | Issue Tracking Patch |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 | Third Party Advisory VDB Entry |
https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a | Patch |
https://launchpad.net/swift/+milestone/1.7.0 | Release Notes |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
25 Jan 2024, 02:13
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2013-0691.html - Not Applicable | |
References | (FEDORA) http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html - Mailing List | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2012-1379.html - Third Party Advisory | |
References | (CONFIRM) https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a - Patch | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://launchpad.net/swift/+milestone/1.7.0 - Release Notes | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=854757 - Issue Tracking, Patch | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2012/09/05/16 - Mailing List | |
References | (BID) http://www.securityfocus.com/bid/55420 - Broken Link | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2012/09/05/4 - Mailing List | |
References | (CONFIRM) https://bugs.launchpad.net/swift/+bug/1006414 - Issue Tracking, Patch | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CWE | CWE-502 | |
First Time |
Redhat gluster Storage Management Console
Fedoraproject fedora Fedoraproject Redhat gluster Storage Server For On-premise Redhat storage For Public Cloud Redhat Redhat storage Redhat enterprise Linux Server |
|
CPE | cpe:2.3:a:openstack:swift:1.2.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.5:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.8:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:rc2:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.2:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.4:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.2.0:gamma1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:gamma1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.7:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.6:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:rc1:*:*:*:*:*:* |
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* |
Information
Published : 2012-10-22 23:55
Updated : 2024-02-28 12:00
NVD link : CVE-2012-4406
Mitre link : CVE-2012-4406
CVE.ORG link : CVE-2012-4406
JSON object : View
Products Affected
redhat
- gluster_storage_server_for_on-premise
- storage
- storage_for_public_cloud
- enterprise_linux_server
- gluster_storage_management_console
openstack
- swift
fedoraproject
- fedora
CWE
CWE-502
Deserialization of Untrusted Data