Potential directory traversal in _untarzip_image
Bug #894755 reported by Thierry Carrez
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Compute (nova) | Fix Released | High | Thierry Carrez | |
| Diablo | Fix Released | Undecided | Unassigned | |
Bug Description
From David Black on bug 885167:
One more possible bug (I don't know if this is reachable) is that the tarfile.extractall method is used in the
static method _untarzip_image. This method is also vulnerable to path traversal (as per the warning in the tarfile module documentation).
Filing this here for further investigation.
Activity log

| Changed | From → To |
|---|---|
| visibility | private → public |
| nova: milestone | none → essex-2 |
| nova: status | Fix Committed → Fix Released |
| nova: milestone | essex-2 → 2012.1 |
We should definitely protect against directory traversal here... I'm pretty sure you can inject a malicious tarfile in the EC2 image upload process.