Comment 5 for bug 1415087
Revision history for this message
| Bastian Blank (waldi) wrote Re: [Bug 1415087] Re: Format-guessing and file disclosure in image convert | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
On Mon, Feb 02, 2015 at 06:23:00PM -0000, Mike Perez wrote:
> Sorry for the late response on this (midcycle meetup last week and
> catching up with emails). I was definitely able to verify this with the
> reproduce steps. Thanks for reporting this Bastian.
While you are at it, there may be more surprises.
- cinder/nova calls "qemu-img info" without format. While this only
leads to missidentification, I don't know if this could be used
further.
- nova/cinder calls "qemu-img resize" without format. Unlikely to be
exploitable.
- nova calls "qemu-img convert" without input format. This should be
exploitable if instance storage uses raw images (raw, rbd, lvm).
Bastian
--
The face of war has never changed. Surely it is more logical to heal
than to kill.
-- Surak of Vulcan, "The Savage Curtain", stardate 5906.5