#VU43390 Code Injection in Swift - CVE-2012-4406

Cybersecurity Help s.r.o.

Published: 2012-10-23 | Updated: 2020-08-11

Vulnerability identifier: #VU43390

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2012-4406

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Swift
Universal components / Libraries / Scripting languages

Vendor: Apple Inc.

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Swift: 1.0.0 - 1.5.0

External links
https://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html
https://rhn.redhat.com/errata/RHSA-2012-1379.html
https://rhn.redhat.com/errata/RHSA-2013-0691.html
https://www.openwall.com/lists/oss-security/2012/09/05/16
https://www.openwall.com/lists/oss-security/2012/09/05/4
https://www.securityfocus.com/bid/55420
https://bugs.launchpad.net/swift/+bug/1006414
https://bugzilla.redhat.com/show_bug.cgi?id=854757
https://exchange.xforce.ibmcloud.com/vulnerabilities/79140
https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a
https://launchpad.net/swift/+milestone/1.7.0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Code Injection in Apple Swift

Fedora EPEL 6 update for openstack-swift