| Summary: |
<app-emulation/cloud-init-0.7.2 : insecure transmission of EC2 instance data can lead to root privilege escalation (CVE-2012-6639) |
| Product: |
Gentoo Security
|
Reporter: |
Agostino Sarubbo <ago> |
| Component: |
Vulnerabilities | Assignee: |
Gentoo Security <security> |
| Status: |
RESOLVED
FIXED
|
|
|
| Severity: |
trivial
|
CC: |
prometheanfire, python
|
| Priority: |
Normal
|
|
|
| Version: |
unspecified | |
|
| Hardware: |
All | |
|
| OS: |
Linux | |
|
| URL: |
https://bugzilla.redhat.com/show_bug.cgi?id=1073591
|
| Whiteboard: |
~1 [noglsa] |
|
Package list:
|
|
Runtime testing required:
|
---
|
|---|
From ${URL} : It was reported [1],[2] that cloud-init could send requests for EC2 instance data to untrusted systems. This could allow someone who has control over a suitable domain name to obtain root rights on an affected system. This issue was found and silently fixed in 2012; version 0.7.0 contains the fix [3]. [1] http://seclists.org/oss-sec/2014/q1/514 [2] https://bugs.launchpad.net/cloud-init/+bug/1040200 [3] http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/revision/635