Vulnerability-Lookup

CVE-2012-3447 (GCVE-0-2012-3447)

Vulnerability from cvelistv5 – Published: 2012-08-20 18:00 – Updated: 2024-08-06 20:05

Summary

virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GHSA-XC4G-7VW8-924H

Vulnerability from github – Published: 2022-05-17 01:44 – Updated: 2024-10-01 19:34

Summary

Arbitrary file overwrite in OpenStack Nova

Details

virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nova"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "12.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-3447"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-14T00:51:28Z",
    "nvd_published_at": "2012-08-20T18:55:00Z",
    "severity": "HIGH"
  },
  "details": "`virt/disk/api.py` in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.",
  "id": "GHSA-xc4g-7vw8-924h",
  "modified": "2024-10-01T19:34:03Z",
  "published": "2022-05-17T01:44:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3447"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/nova/+bug/1031311"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845106"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/nova"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/nova/PYSEC-2012-21.yaml"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/10953"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20120824003029/http://www.securityfocus.com/bid/54869"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/07/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Arbitrary file overwrite in OpenStack Nova"
}

FKIE_CVE-2012-3447

Vulnerability from fkie_nvd - Published: 2012-08-20 18:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/08/07/1
secalert@redhat.com	http://www.securityfocus.com/bid/54869
secalert@redhat.com	https://bugs.launchpad.net/nova/+bug/1031311
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=845106
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/77539
secalert@redhat.com	https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3	Exploit, Patch
secalert@redhat.com	https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368	Exploit, Patch
secalert@redhat.com	https://review.openstack.org/#/c/10953/
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/08/07/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/54869
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/nova/+bug/1031311
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=845106
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/77539
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://review.openstack.org/#/c/10953/

Impacted products

	Vendor	Product	Version
	openstack	folsom	*
	openstack	nova	2012.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:folsom:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64EBA4DA-1439-4DCF-812E-C1F932032CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:nova:2012.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3340EB75-EC5E-431E-87F8-06F967961375",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361."
    },
    {
      "lang": "es",
      "value": "virt/disk/api.py en OpenStack Compute (Nova) v2012.1.x antes de v2012.1.2 y Folsom antes de Folsom-3 permite a usuarios remotos autenticados sobreescribir archivos de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos en una imagen que utiliza un enlace simb\u00f3lico que es s\u00f3lo legible por el usuario root. NOTA: esta vulnerabilidad se debe a un arreglo incompleto para CVE-2012-3361.\r\n"
    }
  ],
  "id": "CVE-2012-3447",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-20T18:55:03.293",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/07/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/54869"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugs.launchpad.net/nova/+bug/1031311"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845106"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://review.openstack.org/#/c/10953/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/54869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/nova/+bug/1031311"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845106"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://review.openstack.org/#/c/10953/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2012-3447

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-3447

Aliases

CVE-2012-3447

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-3447",
    "description": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.",
    "id": "GSD-2012-3447",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-3447.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-3447"
      ],
      "details": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.",
      "id": "GSD-2012-3447",
      "modified": "2023-12-13T01:20:20.851639Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-3447",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/08/07/1",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/08/07/1"
          },
          {
            "name": "http://www.securityfocus.com/bid/54869",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/54869"
          },
          {
            "name": "https://bugs.launchpad.net/nova/+bug/1031311",
            "refsource": "MISC",
            "url": "https://bugs.launchpad.net/nova/+bug/1031311"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539"
          },
          {
            "name": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3",
            "refsource": "MISC",
            "url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3"
          },
          {
            "name": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368",
            "refsource": "MISC",
            "url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368"
          },
          {
            "name": "https://review.openstack.org/#/c/10953/",
            "refsource": "MISC",
            "url": "https://review.openstack.org/#/c/10953/"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=845106",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845106"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c12.0.0",
          "affected_versions": "All versions before 12.0.0",
          "cvss_v2": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
          "cwe_ids": [
            "CWE-1035",
            "CWE-264",
            "CWE-937"
          ],
          "date": "2023-02-14",
          "description": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.",
          "fixed_versions": [
            "12.0.0"
          ],
          "identifier": "CVE-2012-3447",
          "identifiers": [
            "GHSA-xc4g-7vw8-924h",
            "CVE-2012-3447"
          ],
          "not_impacted": "All versions starting from 12.0.0",
          "package_slug": "pypi/nova",
          "pubdate": "2022-05-17",
          "solution": "Upgrade to version 12.0.0 or above.",
          "title": "Arbitrary file overwrite in OpenStack Nova",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2012-3447",
            "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3",
            "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368",
            "https://bugs.launchpad.net/nova/+bug/1031311",
            "https://bugzilla.redhat.com/show_bug.cgi?id=845106",
            "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539",
            "https://review.openstack.org/#/c/10953/",
            "http://www.openwall.com/lists/oss-security/2012/08/07/1",
            "http://www.securityfocus.com/bid/54869",
            "https://github.com/advisories/GHSA-xc4g-7vw8-924h"
          ],
          "uuid": "63dc26e7-f5e4-44e2-b8d4-684939486da1"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openstack:nova:2012.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:folsom:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-3447"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3"
            },
            {
              "name": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368"
            },
            {
              "name": "54869",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/54869"
            },
            {
              "name": "[oss-security] 20120807 [OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/07/1"
            },
            {
              "name": "https://review.openstack.org/#/c/10953/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://review.openstack.org/#/c/10953/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=845106",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845106"
            },
            {
              "name": "https://bugs.launchpad.net/nova/+bug/1031311",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bugs.launchpad.net/nova/+bug/1031311"
            },
            {
              "name": "openstack-nova-code-execution(77539)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.9,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T03:28Z",
      "publishedDate": "2012-08-20T18:55Z"
    }
  }
}

PYSEC-2012-21

Vulnerability from pysec - Published: 2012-08-20 18:55 - Updated: 2023-11-07 20:24

Details

Impacted products

Name	purl
nova	pkg:pypi/nova

Aliases

CVE-2012-3447

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "nova",
        "purl": "pkg:pypi/nova"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "ce4b2e27be45a85b310237615c47eb53f37bb5f3"
            },
            {
              "fixed": "d9577ce9f266166a297488445b5b0c93c1ddb368"
            }
          ],
          "repo": "https://github.com/openstack/nova",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "15.1.5",
        "16.1.6",
        "16.1.7",
        "16.1.8",
        "17.0.10",
        "17.0.11",
        "17.0.12",
        "17.0.13",
        "17.0.7",
        "17.0.8",
        "17.0.9",
        "18.0.2",
        "18.0.3",
        "18.1.0",
        "18.2.0",
        "18.2.1",
        "18.2.2",
        "18.2.3",
        "18.3.0",
        "19.0.0",
        "19.0.0.0rc1",
        "19.0.0.0rc2",
        "19.0.1",
        "19.0.2",
        "19.0.3",
        "19.1.0",
        "19.2.0",
        "19.3.0",
        "19.3.1",
        "19.3.2",
        "20.0.0",
        "20.0.0.0rc1",
        "20.0.0.0rc2",
        "20.0.1",
        "20.1.0",
        "20.1.1",
        "20.2.0",
        "20.3.0",
        "20.4.0",
        "20.4.1",
        "20.5.0",
        "20.6.0",
        "20.6.1",
        "21.0.0",
        "21.0.0.0rc1",
        "21.0.0.0rc2",
        "21.1.0",
        "21.1.1",
        "21.1.2",
        "21.2.0",
        "21.2.1",
        "21.2.2",
        "21.2.3",
        "21.2.4",
        "22.0.0",
        "22.0.0.0rc1",
        "22.0.1",
        "22.1.0",
        "22.2.0",
        "22.2.1",
        "22.2.2",
        "22.3.0",
        "22.4.0",
        "23.0.0",
        "23.0.0.0rc1",
        "23.0.0.0rc2",
        "23.0.1",
        "23.0.2",
        "23.1.0",
        "23.2.0",
        "23.2.1",
        "23.2.2",
        "24.0.0",
        "24.0.0.0rc1",
        "24.0.0.0rc2",
        "24.1.0",
        "24.1.1",
        "24.2.0",
        "24.2.1",
        "25.0.0",
        "25.0.0.0rc1",
        "25.0.1",
        "25.1.0",
        "25.1.1",
        "25.2.0",
        "25.2.1",
        "26.0.0",
        "26.0.0.0rc1",
        "26.0.0.0rc2",
        "26.1.0",
        "26.1.1",
        "26.2.0",
        "27.0.0",
        "27.0.0.0rc1",
        "27.1.0",
        "28.0.0",
        "28.0.0.0rc1"
      ]
    }
  ],
  "aliases": [
    "CVE-2012-3447"
  ],
  "details": "virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.",
  "id": "PYSEC-2012-21",
  "modified": "2023-11-07T20:24:25.753827+00:00",
  "published": "2012-08-20T18:55:00+00:00",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3"
    },
    {
      "type": "EVIDENCE",
      "url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368"
    },
    {
      "type": "FIX",
      "url": "https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/54869"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/08/07/1"
    },
    {
      "type": "WEB",
      "url": "https://review.openstack.org/#/c/10953/"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=845106"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/nova/+bug/1031311"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77539"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-3447 (GCVE-0-2012-3447)

GHSA-XC4G-7VW8-924H

FKIE_CVE-2012-3447

GSD-2012-3447

PYSEC-2012-21

Tags

Sightings

Nomenclature