Re: CVE-Request: openstack pickle de-serialization

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/05/2012 02:09 AM, Sebastian Krahmer wrote:
> Hi,
>
> During openstack review we found that some parts of openstack used
> pickle to de-serialize data. This could be used to execute 
> arbitrary code. Please check here:
>
> https://bugs.launchpad.net/swift/+bug/1006414
>
> Can someone please assign a CVE, for completeness?
>
> thx, Sebastian

Good catch, thanks. Please use CVE-2012-4406 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQR477AAoJEBYNRVNeJnmTQQcQAIl2cU00nyNjDcaLDqZySh9T
31I0mdSdg6MWB2445uPUVdyW1tAqM50V7dgEEHoodEaKUfgDxDoH38fUJ5m3MPs9
5jK+7Bqj6ifoM6il+jg11fX+2VdILrXJVRTI8mv4a6Zqn1Fgruvfst2Ew3R2TknN
iPAF/6IZGkmXQJG5+N8PzFV8MzSXy9w2C/49krMIWaFH9pxssnoreoKvghQH2b83
COIzlN5zaAEi1YXgnMZqApp351KZxfp9pz76jF4K9YetTdwaZVHm/nTaqyTolaV/
qz7Tu7gEp8p4CQyuv3wEPlioTLyxiaz7OscqiIpoDDnc9SZWgrsNyV2v5w2zrNPy
fvZ5dl3zUvRgWPei8KZUUWV9TgxNndlXFm6Z5mbT42+XfpbfgDK0fbHdY1AVR7XG
wqYFCWIlq2byrl7sTXYdi0/SOyI7L0mbogG+QhP+BqX62ZmF+ubx/9Zi82elAali
ByoeXhBpP0sIprLz9zywKK+C7IF0cckKotKTTuC7FmmlbNp4M783+bSVCQnVZFep
4AALNgTzTuyVcIH7CREyeJaM5Akk3Vwwav2ltcWs3B/W4BOGHzcuBi60wP+mV5ZC
Iz1eSLzv7wAYogXOtUh3TAHwEzSt63sF/yjOZwOeml456C6j/ySJoJBSoReJj8Sw
nY7RzYUhIuttYDgSdoMs
=b2WA
-----END PGP SIGNATURE-----