Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 503694 (CVE-2012-6639) - <app-emulation/cloud-init-0.7.2 : insecure transmission of EC2 instance data can lead to root privilege escalation (CVE-2012-6639)
Summary: <app-emulation/cloud-init-0.7.2 : insecure transmission of EC2 instance data ...
Alias: CVE-2012-6639
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~1 [noglsa]
Depends on:
Reported: 2014-03-07 06:10 UTC by Agostino Sarubbo
Modified: 2014-03-07 06:11 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-03-07 06:10:05 UTC
From ${URL} :

It was reported [1],[2] that cloud-init could send requests for EC2 instance data to untrusted 
systems.  This could allow someone who has control over a suitable domain name to obtain root 
rights on an affected system.

This issue was found and silently fixed in 2012; version 0.7.0 contains the fix [3].

Comment 1 Agostino Sarubbo gentoo-dev 2014-03-07 06:11:17 UTC
Filed for tracking purpose.