Insecure loads()
Bug #1006414 reported by Thierry Carrez
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Object Storage (swift) | Fix Released | Undecided | Vincent Untz | 1.7.0
Bug Description
Split from bug 1005903, from Sebastian Krahmer:
swift uses pickle to store and load meta data. pickle is insecure
and allows arbitrary code execution in loads().
[...]
BTW, you can read more on executing code via pickle or cPickle here:
http://
Changed in swift:
milestone: none → 1.7.0
status: Fix Committed → Fix Released
tags: added: essex-backport
Pickle is insecure in a model where an untrusted user can provide the pickled data. In the Swift model the data is pickled by Swift itself and stored in memcache, so the attack vector would suppose direct write access by an untrusted user to memcached data?
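The following is an added example, not Swift's own code, illustrating the behaviour the report describes and the trust boundary the comment above asks about: whoever can write bytes into the cache chooses what loads() executes. It places a hand-built pickle that calls a function on load beside an Unpickler that refuses to resolve globals and a json-based serializer with no code path back to Python callables. The metadata dict, the cache bytes and the payload are constructed here for the example; nothing in it is taken from Swift's memcache code.

```python
"""Deserializing untrusted pickle bytes, beside two safer options.

Added example for this bug report; not Swift's own code. The metadata
dict, the cache values and the malicious payload are constructed here.
"""
import io
import json
import pickle

# Metadata of the kind a service might cache. Constructed for this example.
SAMPLE_META = {"content-type": "text/plain", "x-timestamp": "1338551111.0"}

# Hand-written protocol-0 pickle, i.e. what an attacker with write access to
# the cache would store. Opcodes:
#   c builtins\neval\n  -> GLOBAL: import builtins, fetch eval
#   (                   -> MARK
#   S'6*7'\n            -> STRING '6*7'
#   t                   -> TUPLE: ('6*7',)
#   R                   -> REDUCE: call eval('6*7')
#   .                   -> STOP
# Any importable callable can be named the same way (os.system and a shell
# command, for instance); eval of a harmless expression is used here so the
# example is safe to run.
MALICIOUS_PICKLE = b"cbuiltins\neval\n(S'6*7'\ntR."


def load_unsafe(data: bytes):
    """The vulnerable pattern: trust whatever bytes came back from the cache."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global (class or function).

    Dicts, lists, strings, ints and floats never go through find_class, so
    plain metadata still loads, while GLOBAL/STACK_GLOBAL opcodes fail closed.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            "refusing to load global %s.%s from untrusted pickle" % (module, name)
        )


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def dumps_meta(meta: dict) -> bytes:
    """Serialize with a format that cannot name Python callables at all."""
    return json.dumps(meta).encode("utf-8")


def loads_meta(data: bytes) -> dict:
    return json.loads(data.decode("utf-8"))


def demo():
    """Run every loader over a benign value and the malicious payload."""
    results = {}
    benign = pickle.dumps(SAMPLE_META)  # what the service itself would cache
    results["unsafe_benign"] = load_unsafe(benign)
    results["unsafe_malicious"] = load_unsafe(MALICIOUS_PICKLE)  # eval ran
    results["restricted_benign"] = load_restricted(benign)
    try:
        load_restricted(MALICIOUS_PICKLE)
        results["restricted_malicious"] = "loaded"
    except pickle.UnpicklingError as exc:
        results["restricted_malicious"] = "rejected: %s" % exc
    results["json_roundtrip"] = loads_meta(dumps_meta(SAMPLE_META))
    try:
        loads_meta(MALICIOUS_PICKLE)
        results["json_malicious"] = "loaded"
    except ValueError:  # json.JSONDecodeError and UnicodeDecodeError both qualify
        results["json_malicious"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Whether the restricted unpickler is sufficient depends on what the cached objects contain: metadata made only of dicts, lists and strings never triggers find_class, but any custom class stored in the cache would have to be added to an allow-list there, and each addition is a new surface to review. The json path removes the question entirely, at the cost of round-tripping only JSON-representable values.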