CVE-2012-4406

Published: Oct 22, 2012Modified: Apr 29, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Affected (8)

Products: Openstack: Swift · Fedoraproject: Fedora · Redhat: Enterprise Linux Server, Gluster Storage Management Console, Gluster Storage Server For On Premise, Storage, Storage For Public Cloud

1 product

1 product

5 products

Enterprise Linux Server

Gluster Storage Management Console

Gluster Storage Server For On Premise

Storage For Public Cloud

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Swift	Before 1.7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 16

Configuration C

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Gluster Storage Management Console	Version 2.0
Redhat Gluster Storage Server For On Premise	Version 2.0
Redhat Storage	Version 2.0
Redhat Storage For Public Cloud	Version 2.0

Related CWEs

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (22)

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html

Source: secalert@redhat.com

Mailing List

http://rhn.redhat.com/errata/RHSA-2012-1379.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0691.html

Source: secalert@redhat.com

Not Applicable

http://www.openwall.com/lists/oss-security/2012/09/05/16

Source: secalert@redhat.com

Mailing List

http://www.openwall.com/lists/oss-security/2012/09/05/4

Source: secalert@redhat.com

Mailing List

http://www.securityfocus.com/bid/55420

Source: secalert@redhat.com

Broken Link

https://bugs.launchpad.net/swift/+bug/1006414

Source: secalert@redhat.com

Issue TrackingPatch

https://bugzilla.redhat.com/show_bug.cgi?id=854757

Source: secalert@redhat.com

Issue TrackingPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/79140

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a

Source: secalert@redhat.com

Patch

https://launchpad.net/swift/+milestone/1.7.0

Source: secalert@redhat.com

Release Notes

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://rhn.redhat.com/errata/RHSA-2012-1379.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0691.html

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

http://www.openwall.com/lists/oss-security/2012/09/05/16

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.openwall.com/lists/oss-security/2012/09/05/4

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.securityfocus.com/bid/55420

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://bugs.launchpad.net/swift/+bug/1006414

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://bugzilla.redhat.com/show_bug.cgi?id=854757

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/79140

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://launchpad.net/swift/+milestone/1.7.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

Timeline

No history available yet.