Pickled data in Glance database enables remote code execution
Bug #1213241 reported by
Brian Waldon
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Glance | Fix Released | Critical | John Bresnahan |
Bug Description
Glance uses pickled python objects for the storage of image location metadata in its SQL database backend [1]. In the event that the database server running beneath Glance is compromised, the usage of pickle will allow an attacker to execute untrusted code remotely and further compromise the cloud [2] [3].
[1] https:/
[2] See warning at the top of the pickle module doc: http://
[3] http://
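The description above states the core issue: `pickle.loads` on a blob read from the database will resolve and call whatever the blob references, so whoever can write that column can run code as the service user. The following is an added example, not Glance's own code, showing the defender-side pieces a practitioner would want: an opcode scan that inspects a pickle stream without executing it (using `pickletools.genops`), a restricted unpickler that refuses every class lookup (the documented `Unpickler.find_class` hook), and the usual remedy for this class of bug, a data-only format (JSON restricted to dicts, lists and scalars). Function names, the metadata keys and the sample rows are constructed for this example and are not taken from Glance's schema.

```python
"""Added example (not Glance code): inspecting and replacing pickled metadata."""
import datetime
import io
import json
import pickle
import pickletools

# Opcodes that make the loader look up or call a Python object. Plain data
# (dicts, lists, strings, numbers, bools, None) never needs any of them.
CODE_INVOKING_OPCODES = frozenset({
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ",
    "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4",
})


def pickle_invokes_code(blob: bytes) -> bool:
    """True if the stream contains an opcode that can invoke code.

    pickletools.genops only disassembles; nothing in the blob runs, so this
    is safe to apply to rows read back from a possibly tampered database.
    """
    return any(op.name in CODE_INVOKING_OPCODES
               for op, _arg, _pos in pickletools.genops(blob))


class NoClassUnpickler(pickle.Unpickler):
    """Unpickler that refuses every module/class lookup.

    find_class is the documented hook for restricting what a stream may
    resolve; raising here means no callable can ever be reached.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name} from untrusted pickle")


def load_legacy_pickle(blob: bytes):
    """Load an old pickled metadata row only if it is pure data."""
    if pickle_invokes_code(blob):
        raise pickle.UnpicklingError("pickle stream can invoke code")
    return NoClassUnpickler(io.BytesIO(blob)).load()


# --- the replacement: JSON restricted to plain data ---------------------

_PLAIN_SCALARS = (str, int, float, bool, type(None))


def _check_plain_data(value) -> None:
    """Reject anything that is not plain JSON-representable data."""
    if isinstance(value, _PLAIN_SCALARS):
        return
    if isinstance(value, list):
        for item in value:
            _check_plain_data(item)
        return
    if isinstance(value, dict):
        for key, item in value.items():
            if not isinstance(key, str):
                raise TypeError("metadata keys must be strings")
            _check_plain_data(item)
        return
    raise TypeError(f"unsupported type in metadata: {type(value).__name__}")


def dump_location_metadata(meta: dict) -> str:
    """Serialize location metadata as JSON; objects are rejected up front."""
    if not isinstance(meta, dict):
        raise TypeError("metadata must be a dict")
    _check_plain_data(meta)
    return json.dumps(meta, sort_keys=True)


def load_location_metadata(text: str) -> dict:
    """json.loads yields only plain data; it can never call a function."""
    meta = json.loads(text)
    if not isinstance(meta, dict):
        raise ValueError("metadata must be a JSON object")
    return meta


# Constructed sample rows (hypothetical keys, not Glance's schema).
def sample_plain_pickle() -> bytes:
    """A data-only pickle, the kind a legacy row should look like."""
    return pickle.dumps({"store": "file", "path": "/var/lib/images/abc"})


def sample_class_referencing_pickle() -> bytes:
    """A harmless object whose pickle still references a class (datetime.date).

    The scanner flags it because any class reference is out of place in
    location metadata, regardless of whether this particular one is harmful.
    """
    return pickle.dumps(datetime.date(2013, 8, 16))


if __name__ == "__main__":
    print("plain pickle invokes code:", pickle_invokes_code(sample_plain_pickle()))
    print("date pickle invokes code:", pickle_invokes_code(sample_class_referencing_pickle()))
    text = dump_location_metadata({"store": "swift", "container": "images"})
    print("json round trip:", load_location_metadata(text))
```

The opcode scan and the restricted unpickler are only a migration aid for reading rows written before the fix; the point of the JSON half is that there is nothing to restrict, because `json.loads` cannot produce anything but data, so a database compromise stays a data compromise rather than becoming code execution as the service user.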
Changed in ossa:
- status: Incomplete → Confirmed

Changed in glance:
- milestone: none → havana-3
- information type: Private Security → Public
- no longer affects: ossa

Changed in glance:
- importance: High → Critical

Changed in glance:
- assignee: nobody → Mark Washenberger (markwash)

Changed in glance:
- milestone: havana-3 → havana-rc1

Changed in glance:
- status: Fix Committed → Fix Released

Changed in glance:
- milestone: havana-rc1 → 2013.2
I'd say this could be valid for OSSA because you escalate from DB compromise (DoS, data exploitation) to remote code execution with the glance user rights...