oss-sec mailing list archives
Re: CVE-Request: openstack pickle de-serialization
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 05 Sep 2012 11:42:19 -0600
On 09/05/2012 02:09 AM, Sebastian Krahmer wrote:
> Hi,
>
> During openstack review we found that some parts of openstack used pickle
> to de-serialize data. This could be used to execute arbitrary code.
> Please check here:
>
> https://bugs.launchpad.net/swift/+bug/1006414
>
> Can someone please assign a CVE, for completeness?
>
> thx,
> Sebastian

Good catch, thanks. Please use CVE-2012-4406 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
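
The risk described in the request, as an added example that is not part of the original messages or of OpenStack's code: a constructed pickle that names a harmless builtin (`len`) gets that builtin called by the stock loader, while a loader that denies every global rejects it, and JSON carries the same data with no callable at all. `Probe`, `NoGlobalsUnpickler`, `restricted_loads`, `json_roundtrip` and the sample dictionary are names and values assumed for illustration.

```python
import io
import json
import pickle


class Probe:
    """Constructed sample: pickles to a call of a harmless builtin."""
    def __reduce__(self):
        # On load, pickle resolves builtins.len and calls len("abc").
        return (len, ("abc",))


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup, so only plain data loads."""
    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "global %s.%s is forbidden" % (module, name))


def restricted_loads(data):
    """Deserialize bytes, rejecting any pickle that names a class or callable."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def json_roundtrip(value):
    """Data-only alternative: JSON has no way to encode a call."""
    return json.loads(json.dumps(value))


def demo():
    sample = {"account": "AUTH_test", "ttl": 60}  # constructed sample value
    crafted = pickle.dumps(Probe())
    plain = pickle.dumps(sample)
    results = {}
    # Stock loader runs the callable chosen by whoever wrote the bytes.
    results["stock"] = pickle.loads(crafted)
    # Restricted loader still handles plain containers...
    results["plain"] = restricted_loads(plain)
    # ...but refuses the crafted stream before anything is called.
    try:
        restricted_loads(crafted)
        results["blocked"] = False
    except pickle.UnpicklingError:
        results["blocked"] = True
    results["json"] = json_roundtrip(sample)
    return results


if __name__ == "__main__":
    print(demo())
```
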