Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-4406

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Related bugs and status

CVE-2012-4406 (Candidate) is related to these bugs:

Bug #1006414: Insecure loads()

Summary				In	Importance	Status
	1006414	Insecure loads()		OpenStack Object Storage (swift)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://bugzilla.redha...
MISC: http://www.securityfoc...
MISC: http://lists.fedorapro...
MISC: http://rhn.redhat.com/...
MISC: http://rhn.redhat.com/...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: https://bugs.launchpad...
MISC: https://github.com/ope...
MISC: https://launchpad.net/...
MISC: https://exchange.xforc...