oss-sec mailing list archives
CVE-Request: openstack pickle de-serialization
From: Sebastian Krahmer <krahmer () suse de>
Date: Wed, 5 Sep 2012 10:09:03 +0200
Hi, During openstack review we found that some parts of openstack used pickle to de-serialize data. This could be used to execute arbitrary code. Please check here: https://bugs.launchpad.net/swift/+bug/1006414 Can someone please assign a CVE, for completeness? thx, Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer () suse de - SuSE Security Team --- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany
Current thread:
- CVE-Request: openstack pickle de-serialization Sebastian Krahmer (Sep 05)
- Re: CVE-Request: openstack pickle de-serialization Kurt Seifried (Sep 05)