ZMQ ipc socket file is created using un-sanitized network input
Bug #1122763 reported by
Erica Windisch
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
oslo-incubator |
Fix Released
|
Medium
|
Erica Windisch | ||
Grizzly |
Fix Released
|
Medium
|
Erica Windisch |
Bug Description
The following code in impl_zmq.py uses untrusted input 'topic' which is received over the network without any sanitization to create a file on the local filesystem:
Changed in oslo: | |
status: | New → Incomplete |
importance: | Undecided → Medium |
Changed in oslo: | |
assignee: | nobody → Eric Windisch (ewindisch) |
status: | Triaged → In Progress |
Changed in oslo: | |
milestone: | none → grizzly-rc1 |
Changed in oslo: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Trying to assess impact, need your expertise to confirm:
This requires access to the "internal" network, right ? In which case I'd fix it (and backport it) without an advisory since in the current Nova setup, the internal network is still considered somewhat privileged (think absence of encryption/ signature) and the impact here is limited (file is created with limited rights ? content is not controlled ?), so it's hardly directly exploitable ?