virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nova | Openstack | 2012.1 | 2012.1 |
Folsom | Openstack | * | * |