Release date:
Updated on:
Affected Systems:
Ubuntu Linux 12.04 LTS i386
Ubuntu Linux 12.04 LTS amd64
Ubuntu Linux 11.10 i386
Ubuntu Linux 11.10 amd64
Openstack Nova
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54277
Cve id: CVE-2012-3360
OpenStack Compute (Nova) is a cloud computing constructor written in Python and is part of the laaS system.
OpenStack Nova has a remote code injection vulnerability. Attackers can exploit this vulnerability to inject and execute arbitrary code with root permissions, resulting in full control of the affected computers.
<* Source: Matthias Weckbecker
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://horizon.openstack.org/intro.html