7 Aug 2012 22:35
[OSSA 2012-011] Compute node filesystem injection/corruption (CVE-2012-3447)
OpenStack Security Advisory: 2012-011
CVE: CVE-2012-3447
Date: August 7, 2012
Title: Compute node filesystem injection/corruption
Impact: Critical
Reporter: Pádraig Brady (Red Hat)
Products: Nova
Affects: All versions

Description:
Pádraig Brady from Red Hat discovered that the fix implemented for CVE-2012-3361 (OSSA-2012-008) was not covering all attack scenarios. By crafting a malicious image with root-readable-only symlinks and requesting a server based on it, an authenticated user could still corrupt arbitrary files (all setups affected) or inject arbitrary files (Essex and later setups with OpenStack API enabled and a libvirt-based hypervisor) on the host filesystem, potentially resulting in full compromise of that compute node.

Folsom fix: https://github.com/openstack/nova/commit/ce4b2e27be45a85b310237615c47eb53f37bb5f3
Essex fix: https://github.com/openstack/nova/commit/d9577ce9f266166a297488445b5b0c93c1ddb368
Diablo fix: https://review.openstack.org/#/c/10953/

References: