[Openstack-security] [Bug 1378172] Re: Insecure tmp file creation in python-muranoclient
Serg Melikyan
1378172 at bugs.launchpad.net
Fri Oct 2 08:22:24 UTC 2015
** No longer affects: python-muranoclient/kilo
** Changed in: python-muranoclient
Milestone: 0.7.1 => 0.8.0
** Information type changed from Private Security to Public
** Information type changed from Public to Private Security
** Changed in: python-muranoclient
Assignee: (unassigned) => Dmytro Dovbii (ddovbii)
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1378172
Title:
Insecure tmp file creation in python-muranoclient
Status in python-muranoclient:
Confirmed
Bug description:
./python-muranoclient/muranoclient/v1/shell.py:258:

    archive_name = args.output or tempfile.mktemp(prefix="murano_")

    try:
        if args.template:
            directory_path = hot_package.prepare_package(args)
        else:
            directory_path = mpl_package.prepare_package(args)

        archive_name = args.output or tempfile.mktemp(prefix="murano_")
        _make_archive(archive_name, directory_path)
        print("Application package is available at " +
              os.path.abspath(archive_name))
This is highly insecure and allows an attacker to modify the contents of the archive, assuming no arg name was passed. This code does not appear to be used, but is still CVE-worthy as the code may be used (ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1692). Exploitation of this vuln would appear to lead to code execution (e.g. modify the archive package which is then used while deploying systems).
To manage notifications about this bug go to:
https://bugs.launchpad.net/python-muranoclient/+bug/1378172/+subscriptions
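The following is an added illustration, not code from python-muranoclient or from the bug report. It places the reported pattern (tempfile.mktemp() returning a bare name that is only opened later) next to a hardened variant that uses tempfile.mkstemp() so the file is created atomically with O_EXCL and mode 0600 and the archive is written through the returned descriptor. The _write_archive helper, the build_package_* names and the demo package layout are assumptions made for this example; the project's actual fix may differ.

```python
import os
import shutil
import tempfile
import zipfile


def _write_archive(target, directory_path):
    """Zip everything under directory_path into target, which may be a path or an
    already-open binary file object (hypothetical stand-in for the client's own
    _make_archive, whose body the bug report does not show)."""
    with zipfile.ZipFile(target, "w", zipfile.ZIP_DEFLATED) as zf:
        for root, _dirs, files in os.walk(directory_path):
            for name in sorted(files):
                full = os.path.join(root, name)
                zf.write(full, os.path.relpath(full, directory_path))


def build_package_insecure(directory_path, output=None):
    """The reported pattern: mktemp() only returns an unused name and creates
    nothing, so between this call and the open() inside _write_archive another
    local user can plant a file or symlink at that path and influence what the
    archive ends up containing."""
    archive_name = output or tempfile.mktemp(prefix="murano_")
    _write_archive(archive_name, directory_path)
    return archive_name


def build_package_secure(directory_path, output=None):
    """Hardened variant (an assumed fix, not the project's actual patch):
    mkstemp() creates the file atomically with O_EXCL and mode 0600 and returns
    an open descriptor, so the name never exists without the file and the
    archive is written through our own descriptor rather than re-resolved by
    name."""
    if output:
        _write_archive(output, directory_path)
        return output
    fd, archive_name = tempfile.mkstemp(prefix="murano_", suffix=".zip")
    with os.fdopen(fd, "wb") as fh:
        _write_archive(fh, directory_path)
    return archive_name


def probe_temp_apis():
    """Make the difference concrete: mktemp's path does not exist yet, while
    mkstemp's file already exists and (on POSIX) is accessible only by its
    owner. Returns (mktemp_path_exists, mkstemp_mode_is_private)."""
    name = tempfile.mktemp(prefix="murano_")
    exists_before_use = os.path.exists(name)
    fd, path = tempfile.mkstemp(prefix="murano_")
    mode = os.fstat(fd).st_mode & 0o777
    os.close(fd)
    os.unlink(path)
    private = mode == 0o600 if os.name == "posix" else True
    return exists_before_use, private


def demo():
    """Build a constructed two-file package directory, archive it with the
    hardened path, and return the archive's member names."""
    src = tempfile.mkdtemp(prefix="murano_src_")
    try:
        os.makedirs(os.path.join(src, "Classes"))
        with open(os.path.join(src, "manifest.yaml"), "w") as fh:
            fh.write("FullName: io.example.Demo\n")  # constructed sample content
        with open(os.path.join(src, "Classes", "Demo.yaml"), "w") as fh:
            fh.write("Name: Demo\n")  # constructed sample content
        archive = build_package_secure(src)
        try:
            with zipfile.ZipFile(archive) as zf:
                return sorted(zf.namelist())
        finally:
            os.unlink(archive)
    finally:
        shutil.rmtree(src)


if __name__ == "__main__":
    print(probe_temp_apis())
    print(demo())
```

Keeping the descriptor from mkstemp() open and handing it to ZipFile is the part that matters: if the code closed it and reopened the path by name, it would be back to trusting that the name still refers to the file it created. When the caller supplies args.output the same exposure does not apply, since the user chose that path deliberately.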