OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html | Mailing List |
http://rhn.redhat.com/errata/RHSA-2012-1379.html | Third Party Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0691.html | Not Applicable |
http://www.openwall.com/lists/oss-security/2012/09/05/16 | Mailing List |
http://www.openwall.com/lists/oss-security/2012/09/05/4 | Mailing List |
http://www.securityfocus.com/bid/55420 | Broken Link |
https://bugs.launchpad.net/swift/+bug/1006414 | Issue Tracking Patch |
https://bugzilla.redhat.com/show_bug.cgi?id=854757 | Issue Tracking Patch |
https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 | Third Party Advisory VDB Entry |
https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a | Patch |
https://launchpad.net/swift/+milestone/1.7.0 | Release Notes |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
25 Jan 2024, 02:13
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:openstack:swift:1.2.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:rc2:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.1:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.6:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.4:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.8:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.2:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.3:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.5:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.2:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.2.0:gamma1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.4.7:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.3.0:gamma1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.2.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.1.0:rc1:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.5.0:*:*:*:*:*:*:* cpe:2.3:a:openstack:swift:1.0.1:*:*:*:*:*:*:* |
cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html - Mailing List | |
References | () http://rhn.redhat.com/errata/RHSA-2012-1379.html - Third Party Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2013-0691.html - Not Applicable | |
References | () http://www.openwall.com/lists/oss-security/2012/09/05/16 - Mailing List | |
References | () http://www.openwall.com/lists/oss-security/2012/09/05/4 - Mailing List | |
References | () http://www.securityfocus.com/bid/55420 - Broken Link | |
References | () https://bugs.launchpad.net/swift/+bug/1006414 - Issue Tracking, Patch | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=854757 - Issue Tracking, Patch | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 - Third Party Advisory, VDB Entry | |
References | () https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a - Patch | |
References | () https://launchpad.net/swift/+milestone/1.7.0 - Release Notes | |
First Time |
Redhat storage For Public Cloud
Redhat Redhat enterprise Linux Server Redhat gluster Storage Server For On-premise Fedoraproject fedora Redhat gluster Storage Management Console Fedoraproject Redhat storage |
|
CWE | CWE-502 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
13 Feb 2023, 04:34
Type | Values Removed | Values Added |
---|---|---|
Summary | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. | |
References |
|
02 Feb 2023, 18:16
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2012-4406 Openstack-Swift: insecure use of python pickle() | |
References |
|
Information
Published : 2012-10-22 23:55
Updated : 2024-01-25 02:13
NVD link : CVE-2012-4406
Mitre link : CVE-2012-4406
CVE.ORG link : CVE-2012-4406
JSON object : View
Products Affected
redhat
- gluster_storage_management_console
- storage_for_public_cloud
- enterprise_linux_server
- storage
- gluster_storage_server_for_on-premise
fedoraproject
- fedora
openstack
- swift
CWE
CWE-502
Deserialization of Untrusted Data