CVE-2015-3156

{"id": "CVE-2015-3156", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2017-08-11T21:29:00.260", "references": [{"url": "https://bugs.launchpad.net/trove/+bug/1398195", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216073", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/cassandra/service.py#L230", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/mongodb/service.py#L176", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/experimental/redis/service.py#L236", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/datastore/mysql/service.py#L790", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/experimental/couchbase_impl.py#L30", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L110", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L36", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/backup/mysql_impl.py#L55", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/openstack/trove/blob/master/trove/guestagent/strategies/restore/mysql_impl.py#L194", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file."}, {"lang": "es", "value": "La funci\u00f3n _write_config en trove/guestagent/datastore/experimental/mongodb/service.py, la funci\u00f3n reset_configuration en trove/guestagent/datastore/experimental/postgresql/service/config.py, la funci\u00f3n write_config en trove/guestagent/datastore/experimental/redis/service.py, la funci\u00f3n _write_mycnf en trove/guestagent/datastore/mysql/service.py, la funci\u00f3n InnoBackupEx::_run_prepare en trove/guestagent/strategies/restore/mysql_impl.py, la funci\u00f3n InnoBackupEx::cmd en trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd en trove/guestagent/strategies/backup/mysql_impl.py, la funci\u00f3n InnoBackupExIncremental::cmd en trove/guestagent/strategies/backup/mysql_impl.py, la funci\u00f3n _get_actual_db_status en trove/guestagent/datastore/experimental/cassandra/system.py y trove/guestagent/datastore/experimental/cassandra/service.py, y m\u00faltiples m\u00e9todos de clase CbBackup en trove/guestagent/strategies/backup/experimental/couchbase_impl.py en Openstack DBaaS (tambi\u00e9n llamado Trove) tal y como est\u00e1 empaquetado en Openstack en versiones anteriores a la 2015.1.0 (tambi\u00e9n llamada Kilo) permite que usuarios locales escriban en archivos de configuraci\u00f3n mediante un ataque symlink en un archivo temporal."}], "lastModified": "2017-08-25T14:53:15.763", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:trove:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C58A67C0-6187-457B-B115-F785CE64C4E5", "versionEndIncluding": "2014.2.4"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}