Code Injection in Apple Swift

1) Code Injection

EUVDB-ID: #VU43390

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-4406

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Swift: 1.0.0 - 1.5.0

CPE2.3

• cpe:2.3:a:apple:swift:1.0.0:*:*:*:*:*:*:*
• cpe:2.3:a:apple:swift:1.0.1:*:*:*:*:*:*:*
• cpe:2.3:a:apple:swift:1.0.2:*:*:*:*:*:*:*

External links

https://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html
https://rhn.redhat.com/errata/RHSA-2012-1379.html
https://rhn.redhat.com/errata/RHSA-2013-0691.html
https://www.openwall.com/lists/oss-security/2012/09/05/16
https://www.openwall.com/lists/oss-security/2012/09/05/4
https://www.securityfocus.com/bid/55420
https://bugs.launchpad.net/swift/+bug/1006414
https://bugzilla.redhat.com/show_bug.cgi?id=854757
https://exchange.xforce.ibmcloud.com/vulnerabilities/79140
https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a
https://launchpad.net/swift/+milestone/1.7.0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.