GSD-2012-4406
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2012-4406",
"description": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.",
"id": "GSD-2012-4406",
"references": [
"https://www.suse.com/security/cve/CVE-2012-4406.html",
"https://access.redhat.com/errata/RHSA-2013:0691",
"https://access.redhat.com/errata/RHSA-2012:1379"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2012-4406"
],
"details": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.",
"id": "GSD-2012-4406",
"modified": "2023-12-13T01:20:14.569724Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://rhn.redhat.com/errata/RHSA-2013-0691.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-1379.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/09/05/16",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/09/05/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"name": "http://www.securityfocus.com/bid/55420",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/55420"
},
{
"name": "https://bugs.launchpad.net/swift/+bug/1006414",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"name": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a",
"refsource": "MISC",
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"name": "https://launchpad.net/swift/+milestone/1.7.0",
"refsource": "MISC",
"url": "https://launchpad.net/swift/+milestone/1.7.0"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=854757",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c1.7.0",
"affected_versions": "All versions before 1.7.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937",
"CWE-94"
],
"date": "2023-02-08",
"description": "CVE-2012-4406 Openstack-Swift: insecure use of python pickle()",
"fixed_versions": [
"1.7.0"
],
"identifier": "CVE-2012-4406",
"identifiers": [
"GHSA-v7mh-3jgf-r26c",
"CVE-2012-4406"
],
"not_impacted": "All versions starting from 1.7.0",
"package_slug": "pypi/swift",
"pubdate": "2022-05-17",
"solution": "Upgrade to version 1.7.0 or above.",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2012-4406",
"https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a",
"https://bugs.launchpad.net/swift/+bug/1006414",
"https://bugzilla.redhat.com/show_bug.cgi?id=854757",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/79140",
"https://launchpad.net/swift/+milestone/1.7.0",
"http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html",
"http://rhn.redhat.com/errata/RHSA-2012-1379.html",
"http://rhn.redhat.com/errata/RHSA-2013-0691.html",
"http://www.openwall.com/lists/oss-security/2012/09/05/16",
"http://www.openwall.com/lists/oss-security/2012/09/05/4",
"https://access.redhat.com/errata/RHSA-2012:1379",
"https://access.redhat.com/errata/RHSA-2013:0691",
"https://access.redhat.com/security/cve/CVE-2012-4406",
"https://web.archive.org/web/20130629092623/http://www.securityfocus.com/bid/55420",
"https://github.com/advisories/GHSA-v7mh-3jgf-r26c"
],
"uuid": "cfd093ff-1e5a-42aa-8c7b-43925e30b7dd"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5D7F7C-3474-4354-8531-CC28D6F3B635",
"versionEndExcluding": "1.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0923F044-C68D-4A4A-96E1-C498F3A77C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object."
},
{
"lang": "es",
"value": "OpenStack Object Storage (swift) antes de v1.7.0 utiliza la funci\u00f3n loads en el m\u00f3dulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un objeto pickle modificado."
}
],
"id": "CVE-2012-4406",
"lastModified": "2024-01-25T02:13:29.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2012-10-22T23:55:06.743",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/16"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://www.securityfocus.com/bid/55420"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugs.launchpad.net/swift/+bug/1006414"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
],
"url": "https://launchpad.net/swift/+milestone/1.7.0"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…