Vulnerabilities > CVE-2012-4406 - Deserialization of Untrusted Data vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
openstack
fedoraproject
redhat
CWE-502
critical
nessus

Summary

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-15098.NASL
    description: Do not use pickle for serialization in memcache (CVE-2012-4406). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-10-08
    plugin id: 62449
    published: 2012-10-08
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62449
    title: Fedora 16 : openstack-swift-1.4.8-3.fc16 (2012-15098)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-15098.
    #
    
    include("compat.inc");
    
    # Metadata-only branch: when `description` is set, the plugin registers its
    # identifiers, report text and prerequisites, then exits at the end of this
    # block before any package check runs.
    if (description)
    {
      script_id(62449);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references tying a finding to the CVE, the Bugtraq entry and the Fedora advisory.
      script_cve_id("CVE-2012-4406");
      script_bugtraq_id(55420);
      script_xref(name:"FEDORA", value:"2012-15098");
    
      script_name(english:"Fedora 16 : openstack-swift-1.4.8-3.fc16 (2012-15098)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is only the advisory's one-line text (pickle must not be
      # used for memcache serialization); it carries no detail on exposure or impact.
      script_set_attribute(
        attribute:"description", 
        value:
    "Do not use pickle for serialization in memcache (CVE-2012-4406)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=854761"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html
      # (presumably the target of the shortened link registered below)
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?26bb201f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openstack-swift package."
      );
      # CVSS v2 vectors: network reachable, low complexity, no authentication,
      # partial C/I/A; the temporal part records an official fix (RL:OF) and a
      # confirmed report (RC:C).
      # NOTE(review): this is a v2 vector and is not directly comparable with a
      # v3 rating published for the same CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      # NOTE(review): static metadata written by the plugin author; treat it as a
      # point-in-time statement rather than evidence that no exploit exists.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the result comes from package data collected on the host, not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openstack-swift");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/09/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run and populated these KB
      # entries; without local (credentialed) checks this plugin has no data.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Version-only local check for Fedora 16. Every decision below is taken from
    # knowledge-base (KB) entries; no call here probes Swift or memcached directly.
    # The script relies on each audit() call to stop execution (presumably it exits).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator: stop unless the release string names Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    # Keep only the captured major version number.
    os_ver = os_ver[1];
    # Anchored so that only major version 16 passes (not e.g. 160).
    if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386-i686 hosts are evaluated; other architectures are audited out.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    # rpm_check() is expected to return true when the installed openstack-swift
    # build is older than the fixed reference 1.4.8-3.fc16.
    # NOTE(review): this compares package versions only. A pass says nothing about
    # how Swift is configured or whether memcached is reachable from untrusted
    # hosts - verify both separately when triaging CVE-2012-4406.
    if (rpm_check(release:"FC16", reference:"openstack-swift-1.4.8-3.fc16")) flag++;
    
    
    if (flag)
    {
      # Report on port 0 (host-level finding); attach the rpm comparison details
      # only when report verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present and new enough" from "package not installed".
      # presumably pkg_tests_get() returns the packages rpm_check() examined - confirm in rpm.inc
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openstack-swift");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2012-15642.NASL
    description: Do not use pickle for serialization in memcache (CVE-2012-4406). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-03-17
    modified: 2012-10-18
    plugin id: 62601
    published: 2012-10-18
    reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/62601
    title: Fedora 17 : openstack-swift-1.4.8-3.fc17 (2012-15642)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2012-15642.
    #
    
    include("compat.inc");
    
    # Metadata-only branch: when `description` is set, the plugin registers its
    # identifiers, report text and prerequisites, then exits at the end of this
    # block before any package check runs.
    if (description)
    {
      script_id(62601);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Cross-references tying a finding to the CVE, the Bugtraq entry and the Fedora advisory.
      script_cve_id("CVE-2012-4406");
      script_bugtraq_id(55420);
      script_xref(name:"FEDORA", value:"2012-15642");
    
      script_name(english:"Fedora 17 : openstack-swift-1.4.8-3.fc17 (2012-15642)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The description is only the advisory's one-line text (pickle must not be
      # used for memcache serialization); it carries no detail on exposure or impact.
      script_set_attribute(
        attribute:"description", 
        value:
    "Do not use pickle for serialization in memcache (CVE-2012-4406)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # NOTE(review): two Bugzilla entries are referenced but only one CVE is
      # registered above; what bug 807172 covers cannot be told from this script.
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=807172"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=854761"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-October/090207.html
      # (presumably the target of the shortened link registered below)
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ba39749b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected openstack-swift package."
      );
      # CVSS v2 vectors: network reachable, low complexity, no authentication,
      # partial C/I/A; the temporal part records an official fix (RL:OF) and a
      # confirmed report (RC:C).
      # NOTE(review): this is a v2 vector and is not directly comparable with a
      # v3 rating published for the same CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      # NOTE(review): static metadata written by the plugin author; treat it as a
      # point-in-time statement rather than evidence that no exploit exists.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the result comes from package data collected on the host, not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:openstack-swift");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/10/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/18");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run and populated these KB
      # entries; without local (credentialed) checks this plugin has no data.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Version-only local check for Fedora 17. Every decision below is taken from
    # knowledge-base (KB) entries; no call here probes Swift or memcached directly.
    # The script relies on each audit() call to stop execution (presumably it exits).
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator: stop unless the release string names Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    # Keep only the captured major version number.
    os_ver = os_ver[1];
    # Anchored so that only major version 17 passes (not e.g. 170).
    if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386-i686 hosts are evaluated; other architectures are audited out.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    # rpm_check() is expected to return true when the installed openstack-swift
    # build is older than the fixed reference 1.4.8-3.fc17.
    # NOTE(review): this compares package versions only. A pass says nothing about
    # how Swift is configured or whether memcached is reachable from untrusted
    # hosts - verify both separately when triaging CVE-2012-4406.
    if (rpm_check(release:"FC17", reference:"openstack-swift-1.4.8-3.fc17")) flag++;
    
    
    if (flag)
    {
      # Report on port 0 (host-level finding); attach the rpm comparison details
      # only when report verbosity is above 0.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present and new enough" from "package not installed".
      # presumably pkg_tests_get() returns the packages rpm_check() examined - confirm in rpm.inc
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openstack-swift");
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1887-1.NASL
    description: Sebastian Krahmer discovered that Swift used the loads function in the pickle Python module when it was configured to use memcached. A remote attacker on the same network as memcached could exploit this to execute arbitrary code. This update adds a new memcache_serialization_support option to support secure json serialization. For details on this new option, please see /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only affected Ubuntu 12.04 LTS. (CVE-2012-4406) Alex Gaynor discovered that Swift did not safely generate XML. An attacker could potentially craft an account name to generate arbitrary XML responses to trigger vulnerabilities in software parsing Swift's XML. (CVE-2013-2161)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66960
    published: 2013-06-21
    reporter: Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66960
    title: Ubuntu 12.04 LTS / 12.10 / 13.04 : swift vulnerabilities (USN-1887-1)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1887-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Metadata-only branch: when `description` is set, the plugin registers its
    # identifiers, report text and prerequisites, then exits at the end of this
    # block before any package check runs.
    if (description)
    {
      script_id(66960);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/26");
    
      # One plugin covers two CVEs from the same Ubuntu notice, so a single finding
      # does not say which of the two applies to a given release.
      script_cve_id("CVE-2012-4406", "CVE-2013-2161");
      script_bugtraq_id(55420, 60543);
      script_xref(name:"USN", value:"1887-1");
    
      script_name(english:"Ubuntu 12.04 LTS / 12.10 / 13.04 : swift vulnerabilities (USN-1887-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      # NOTE(review): the text below says the pickle fix arrives as a new
      # memcache_serialization_support option, so remediation may depend on
      # configuration as well as on the package version - confirm against the
      # sample file the text names.
      script_set_attribute(
        attribute:"description", 
        value:
    "Sebastian Krahmer discovered that Swift used the loads function in the
    pickle Python module when it was configured to use memcached. A remote
    attacker on the same network as memcached could exploit this to
    execute arbitrary code. This update adds a new
    memcache_serialization_support option to support secure json
    serialization. For details on this new option, please see
    /usr/share/doc/swift-proxy/memcache.conf-sample. This issue only
    affected Ubuntu 12.04 LTS. (CVE-2012-4406)
    
    Alex Gaynor discovered that Swift did not safely generate XML. An
    attacker could potentially craft an account name to generate arbitrary
    XML responses to trigger vulnerabilities in software parsing Swift's
    XML. (CVE-2013-2161).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1887-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected python-swift package."
      );
      # CVSS v2 vectors: network reachable, low complexity, no authentication,
      # partial C/I/A; the temporal part records an official fix (RL:OF) and a
      # confirmed report (RC:C). A single vector is registered for both CVEs.
      # NOTE(review): this is a v2 vector and is not directly comparable with a
      # v3 rating published for the same CVE.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
      # NOTE(review): static metadata written by the plugin author; treat it as a
      # point-in-time statement rather than evidence that no exploit exists.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the result comes from package data collected on the host, not from a network probe.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-swift");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.04");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/06/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/06/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2013-2020 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Prerequisites: ssh_get_info.nasl must have run and populated these KB
      # entries; without local (credentialed) checks this plugin has no data.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Version-only local check for Ubuntu 12.04 / 12.10 / 13.04. Every decision
    # below is taken from knowledge-base (KB) entries; no call here probes Swift
    # or memcached directly.
    # The script relies on each audit() call to stop execution (presumably it exits).
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Exact match on the three release strings this notice covers.
    if (! preg(pattern:"^(12\.04|12\.10|13\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.04 / 12.10 / 13.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # `>!<` is NASL's "is not a substring of" operator; only x86_64 and
    # i386-i686 hosts are evaluated, other architectures are audited out.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    # ubuntu_check() is expected to return true when the installed python-swift
    # is older than the fixed version given for that release.
    # NOTE(review): the plugin description says CVE-2012-4406 affected only
    # 12.04 LTS, so the 12.10 and 13.04 rows presumably exist for CVE-2013-2161.
    # NOTE(review): the 12.04 fix is described as adding a
    # memcache_serialization_support option; this check compares dpkg versions
    # and never reads that setting, so a host may pass here while still
    # configured for pickle - review the option on patched 12.04 hosts.
    if (ubuntu_check(osver:"12.04", pkgname:"python-swift", pkgver:"1.4.8-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"12.10", pkgname:"python-swift", pkgver:"1.7.4-0ubuntu2.2")) flag++;
    if (ubuntu_check(osver:"13.04", pkgname:"python-swift", pkgver:"1.8.0-0ubuntu1.2")) flag++;
    
    if (flag)
    {
      # Host-level finding (port 0) carrying the dpkg comparison details.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # Distinguish "package present and new enough" from "package not installed".
      # presumably ubuntu_pkg_tests_get() returns the packages ubuntu_check() examined - confirm in ubuntu.inc
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-swift");
    }
    

Redhat

advisories
  • rhsa
    id: RHSA-2012:1379
  • rhsa
    id: RHSA-2013:0691
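rpms (packages listed in the advisories above; the list appears to include every package those errata shipped, not only the Swift packages)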
  • openstack-swift-0:1.4.8-5.el6
  • openstack-swift-account-0:1.4.8-5.el6
  • openstack-swift-container-0:1.4.8-5.el6
  • openstack-swift-doc-0:1.4.8-5.el6
  • openstack-swift-object-0:1.4.8-5.el6
  • openstack-swift-proxy-0:1.4.8-5.el6
  • appliance-base-0:1.7.1-1.el6rhs
  • augeas-0:0.9.0-1.el6
  • augeas-debuginfo-0:0.9.0-1.el6
  • augeas-devel-0:0.9.0-1.el6
  • augeas-libs-0:0.9.0-1.el6
  • gluster-swift-0:1.4.8-5.el6rhs
  • gluster-swift-account-0:1.4.8-5.el6rhs
  • gluster-swift-container-0:1.4.8-5.el6rhs
  • gluster-swift-doc-0:1.4.8-5.el6rhs
  • gluster-swift-object-0:1.4.8-5.el6rhs
  • gluster-swift-proxy-0:1.4.8-5.el6rhs
  • glusterfs-0:3.3.0.7rhs-1.el5
  • glusterfs-0:3.3.0.7rhs-1.el6
  • glusterfs-0:3.3.0.7rhs-1.el6rhs
  • glusterfs-debuginfo-0:3.3.0.7rhs-1.el5
  • glusterfs-debuginfo-0:3.3.0.7rhs-1.el6
  • glusterfs-debuginfo-0:3.3.0.7rhs-1.el6rhs
  • glusterfs-devel-0:3.3.0.7rhs-1.el5
  • glusterfs-devel-0:3.3.0.7rhs-1.el6
  • glusterfs-devel-0:3.3.0.7rhs-1.el6rhs
  • glusterfs-fuse-0:3.3.0.7rhs-1.el5
  • glusterfs-fuse-0:3.3.0.7rhs-1.el6
  • glusterfs-fuse-0:3.3.0.7rhs-1.el6rhs
  • glusterfs-geo-replication-0:3.3.0.7rhs-1.el6rhs
  • glusterfs-rdma-0:3.3.0.7rhs-1.el5
  • glusterfs-rdma-0:3.3.0.7rhs-1.el6
  • glusterfs-rdma-0:3.3.0.7rhs-1.el6rhs
  • glusterfs-server-0:3.3.0.7rhs-1.el6rhs
  • libvirt-0:0.9.10-21.el6_3.8
  • libvirt-client-0:0.9.10-21.el6_3.8
  • libvirt-debuginfo-0:0.9.10-21.el6_3.8
  • libvirt-devel-0:0.9.10-21.el6_3.8
  • libvirt-lock-sanlock-0:0.9.10-21.el6_3.8
  • libvirt-python-0:0.9.10-21.el6_3.8
  • rhn-check-0:1.0.0-73.el6rhs
  • rhn-client-tools-0:1.0.0-73.el6rhs
  • rhn-setup-0:1.0.0-73.el6rhs
  • rhn-setup-gnome-0:1.0.0-73.el6rhs
  • rhsc-0:2.0.techpreview1-4.el6rhs
  • rhsc-backend-0:2.0.techpreview1-4.el6rhs
  • rhsc-config-0:2.0.techpreview1-4.el6rhs
  • rhsc-dbscripts-0:2.0.techpreview1-4.el6rhs
  • rhsc-genericapi-0:2.0.techpreview1-4.el6rhs
  • rhsc-jboss-deps-0:2.0.techpreview1-4.el6rhs
  • rhsc-notification-service-0:2.0.techpreview1-4.el6rhs
  • rhsc-restapi-0:2.0.techpreview1-4.el6rhs
  • rhsc-setup-0:2.0.techpreview1-4.el6rhs
  • rhsc-tools-common-0:2.0.techpreview1-4.el6rhs
  • rhsc-userportal-0:2.0.techpreview1-4.el6rhs
  • rhsc-webadmin-portal-0:2.0.techpreview1-4.el6rhs
  • sanlock-0:2.3-4.el6_3
  • sanlock-debuginfo-0:2.3-4.el6_3
  • sanlock-devel-0:2.3-4.el6_3
  • sanlock-lib-0:2.3-4.el6_3
  • sanlock-python-0:2.3-4.el6_3
  • sos-0:2.2-17.2.el6rhs
  • vdsm-0:4.9.6-20.el6rhs
  • vdsm-bootstrap-0:4.9.6-20.el6rhs
  • vdsm-cli-0:4.9.6-20.el6rhs
  • vdsm-debug-plugin-0:4.9.6-20.el6rhs
  • vdsm-debuginfo-0:4.9.6-20.el6rhs
  • vdsm-gluster-0:4.9.6-20.el6rhs
  • vdsm-hook-faqemu-0:4.9.6-20.el6rhs
  • vdsm-hook-vhostmd-0:4.9.6-20.el6rhs
  • vdsm-python-0:4.9.6-20.el6rhs
  • vdsm-reg-0:4.9.6-20.el6rhs