Comment 15 for bug 885167

Thierry Carrez (ttx) wrote :

Proposed advisory (merged with bug 894755):

Title: Path traversal issues registering malicious images using EC2 API
Impact: High
Announced: ...
Reporter: David Black
Products: Nova

David Black reported two issues in OpenStack Nova's support for EC2 RegisterImage action. By registering images from malicious tarballs or manifests, an attacker could potentially traverse directories and overwrite files with the rights of the user Nova runs under. Only setups allowing the EC2 API and the S3/RegisterImage method for registering images are affected.