Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 503694 (CVE-2012-6639)

Summary: <app-emulation/cloud-init-0.7.2 : insecure transmission of EC2 instance data can lead to root privilege escalation (CVE-2012-6639)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: trivial CC: prometheanfire, python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~1 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-03-07 06:10:05 UTC
From ${URL} :

It was reported [1],[2] that cloud-init could send requests for EC2 instance data to untrusted 
systems.  This could allow someone who has control over a suitable domain name to obtain root 
rights on an affected system.

This issue was found and silently fixed in 2012; version 0.7.0 contains the fix [3].

Comment 1 Agostino Sarubbo gentoo-dev 2014-03-07 06:11:17 UTC
Filed for tracking purpose.