exploitDog

CVE-2012-4406

Published: 22 Oct 2012
Source: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS: Low

Description

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Vulnerable configurations

Configuration 1
cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*
Versions before 1.7.0 (exclusive)
Configuration 2
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

EPSS

Percentile: 88%
0.04125
Low

9.8 Critical

CVSS3

7.5 High

CVSS2

Weaknesses

CWE-502

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 13 years ago

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

redhat
more than 13 years ago

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

CVSS3: 9.8
debian
more than 13 years ago

OpenStack Object Storage (swift) before 1.7.0 uses the loads function ...

CVSS3: 9.8
github
more than 3 years ago

OpenStack Object Storage (swift) Code Injection vulnerability
