All the vulnerabilites related to redhat - gluster_storage_management_console
Vulnerability from fkie_nvd
Published
2016-06-07 14:06
Modified
2024-11-21 02:18
Summary
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:gluster_storage_management_console:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E167B79-6F17-4E79-94F0-AC4ABDCF596D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:gluster_storage_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D3475F-0080-456F-B17D-D94659504C64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:storage_native_client:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "203E31B3-18D0-40E4-A072-4C52A0ECAEBE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:gluster_storage_server:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D3475F-0080-456F-B17D-D94659504C64",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined."
    },
    {
      "lang": "es",
      "value": "El paquete gluster-swift de Red Hat, tal como se utiliza en Red Hat Gluster Storage (anteriormente Red Hat Storage Server), permite a usuarios remotos autenticados eludir la restricci\u00f3n max_meta_count a trav\u00e9s de m\u00faltiples peticiones manipuladas que exceden el l\u00edmite cuando se combinan."
    }
  ],
  "id": "CVE-2014-8177",
  "lastModified": "2024-11-21T02:18:43.120",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-07T14:06:00.133",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/08/27/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-10-22 23:55
Modified
2024-11-21 01:42
Severity ?
Summary
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
References
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.htmlMailing List
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-1379.htmlThird Party Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2013-0691.htmlNot Applicable
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/09/05/16Mailing List
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/09/05/4Mailing List
secalert@redhat.comhttp://www.securityfocus.com/bid/55420Broken Link
secalert@redhat.comhttps://bugs.launchpad.net/swift/+bug/1006414Issue Tracking, Patch
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=854757Issue Tracking, Patch
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79140Third Party Advisory, VDB Entry
secalert@redhat.comhttps://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831aPatch
secalert@redhat.comhttps://launchpad.net/swift/+milestone/1.7.0Release Notes
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-1379.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0691.htmlNot Applicable
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/09/05/16Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/09/05/4Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/55420Broken Link
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/swift/+bug/1006414Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=854757Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/79140Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831aPatch
af854a3a-2127-422b-91ae-364da2661108https://launchpad.net/swift/+milestone/1.7.0Release Notes



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD5D7F7C-3474-4354-8531-CC28D6F3B635",
              "versionEndExcluding": "1.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
              "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0923F044-C68D-4A4A-96E1-C498F3A77C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
    },
    {
      "lang": "es",
      "value": "OpenStack Object Storage (swift) antes de v1.7.0 utiliza la funci\u00f3n loads en el m\u00f3dulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto pickle modificado."
    }
  ],
  "id": "CVE-2012-4406",
  "lastModified": "2024-11-21T01:42:49.180",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2012-10-22T23:55:06.743",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/55420"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/swift/+bug/1006414"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://launchpad.net/swift/+milestone/1.7.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/55420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/swift/+bug/1006414"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://launchpad.net/swift/+milestone/1.7.0"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2014-8177
Vulnerability from cvelistv5
Published
2016-06-07 14:00
Modified
2024-08-06 13:10
Severity ?
Summary
The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.
References
http://rhn.redhat.com/errata/RHSA-2015-1845.htmlvendor-advisory, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1257525x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1846.htmlvendor-advisory, x_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2015/08/27/5mailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:51.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:1845",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"
          },
          {
            "name": "RHSA-2015:1846",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"
          },
          {
            "name": "[oss-security] 20150827 CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/08/27/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-07T13:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2015:1845",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1257525"
        },
        {
          "name": "RHSA-2015:1846",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html"
        },
        {
          "name": "[oss-security] 20150827 CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/08/27/5"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8177",
    "datePublished": "2016-06-07T14:00:00",
    "dateReserved": "2014-10-10T00:00:00",
    "dateUpdated": "2024-08-06T13:10:51.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4406
Vulnerability from cvelistv5
Published
2012-10-22 23:00
Modified
2024-08-06 20:35
Severity ?
Summary
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:35:09.281Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
          },
          {
            "name": "55420",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55420"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://launchpad.net/swift/+milestone/1.7.0"
          },
          {
            "name": "RHSA-2012:1379",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
          },
          {
            "name": "openstack-swift-loads-code-exec(79140)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/swift/+bug/1006414"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
          },
          {
            "name": "[oss-security] 20120905 CVE-Request: openstack pickle de-serialization",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
          },
          {
            "name": "FEDORA-2012-15098",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
          },
          {
            "name": "RHSA-2013:0691",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
          },
          {
            "name": "[oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-06-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
        },
        {
          "name": "55420",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55420"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://launchpad.net/swift/+milestone/1.7.0"
        },
        {
          "name": "RHSA-2012:1379",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
        },
        {
          "name": "openstack-swift-loads-code-exec(79140)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/swift/+bug/1006414"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
        },
        {
          "name": "[oss-security] 20120905 CVE-Request: openstack pickle de-serialization",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
        },
        {
          "name": "FEDORA-2012-15098",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
        },
        {
          "name": "RHSA-2013:0691",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
        },
        {
          "name": "[oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-4406",
    "datePublished": "2012-10-22T23:00:00",
    "dateReserved": "2012-08-21T00:00:00",
    "dateUpdated": "2024-08-06T20:35:09.281Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}