Main Vulnerability Database SB2012092801

SB2012092801 - Fedora EPEL 6 update for openstack-swift

Published: September 28, 2012 Updated: April 24, 2025

Security Bulletin ID SB2012092801

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Code Injection (CVE-ID: CVE-2012-4406)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2012-13038