[Openstack-security] [Bug 1378172] Re: Insecure tmp file creation in python-muranoclient

Jeremy Stanley fungi at yuggoth.org
Fri Oct 2 12:21:00 UTC 2015


The offending code seems to have been replaced months ago as a side
effect of https://review.openstack.org/204048 (so fixed in 0.6.3), and
was originally introduced in 8468a03 which first appeared in the 0.5.3
release.

-- 
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1378172

Title:
  Insecure tmp file creation in python-muranoclient

Status in python-muranoclient:
  Confirmed

Bug description:
  ./python-muranoclient/muranoclient/v1/shell.py:258:
      archive_name = args.output or tempfile.mktemp(prefix="murano_")

      try:
          if args.template:
              directory_path = hot_package.prepare_package(args)
          else:
              directory_path = mpl_package.prepare_package(args)

          archive_name = args.output or tempfile.mktemp(prefix="murano_")

          _make_archive(archive_name, directory_path)
          print("Application package is available at " +
                os.path.abspath(archive_name))

  
  this is highly insecure and allows an attacker to modify the contents of the archive, assuming no arg name was passed. This code does not appear to be used, but is still CVE worthy as the code may be used (ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1692). Exploitation of this vuln would appear to lead to code execution (e.g. modify the archive package which is then used while deploying systems).

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-muranoclient/+bug/1378172/+subscriptions
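The race the report describes, shown as an added example (not python-muranoclient code): tempfile.mktemp() only returns a name and creates nothing, so anyone who can write the temp directory may plant a symlink or file at that name before the client opens it. The script below mirrors the original pattern, stands in for the attacker with a hook that runs in that window, and contrasts it with tempfile.mkstemp(), which creates the file with O_CREAT|O_EXCL and hands back an open descriptor. The package layout, the "murano_" prefix, the victim file and the attacker's archive are all constructed for the demonstration; the zip-building helper is a stand-in for the client's _make_archive, not the real one.

```python
"""tempfile.mktemp() race versus tempfile.mkstemp(), as an added example.
All paths and contents below are constructed for the demo."""
import os
import tempfile
import zipfile


def _zip_directory(zf, directory_path):
    # Stand-in for _make_archive(): add every file under its relative name.
    for root, _, files in os.walk(directory_path):
        for name in files:
            full = os.path.join(root, name)
            zf.write(full, os.path.relpath(full, directory_path))


def make_archive_insecure(directory_path, workdir, race_hook=None):
    """The original pattern: choose a name with mktemp(), then open it.
    race_hook models what an attacker does between the two steps."""
    archive_name = tempfile.mktemp(prefix="murano_", dir=workdir)
    if race_hook is not None:
        race_hook(archive_name)
    # ZipFile(path, "w") opens with "w+b": it follows a symlink planted at
    # archive_name and truncates/overwrites whatever the link points at.
    with zipfile.ZipFile(archive_name, "w") as zf:
        _zip_directory(zf, directory_path)
    return archive_name


def make_archive_secure(directory_path, workdir, race_hook=None):
    """Hardened variant: mkstemp() creates the file atomically (O_CREAT|O_EXCL)
    and returns our own descriptor, so a pre-planted name is rejected and the
    archive is written through the fd rather than by reopening the path."""
    fd, archive_name = tempfile.mkstemp(prefix="murano_", suffix=".zip", dir=workdir)
    if race_hook is not None:
        race_hook(archive_name)  # too late: the file already exists and is ours
    with os.fdopen(fd, "wb") as fh, zipfile.ZipFile(fh, "w") as zf:
        _zip_directory(zf, directory_path)
    return archive_name


def manifest_text(archive_name):
    """What a deployer sees when it later opens the archive by name."""
    with zipfile.ZipFile(archive_name) as zf:
        return zf.read("manifest.yaml").decode()


def run_demo():
    """Run both variants against a simulated attacker; returns the findings."""
    result = {}
    with tempfile.TemporaryDirectory() as workdir:
        pkg = os.path.join(workdir, "package")
        os.makedirs(pkg)
        with open(os.path.join(pkg, "manifest.yaml"), "w") as fh:
            fh.write("Name: demo\n")
        # Attacker-owned archive to be swapped in once the client is done.
        evil = os.path.join(workdir, "evil.zip")
        with zipfile.ZipFile(evil, "w") as zf:
            zf.writestr("manifest.yaml", "Name: backdoored\n")
        # An unrelated file the symlink will redirect the client's write into.
        victim = os.path.join(workdir, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("important\n")

        def attacker(archive_name):
            # Plant a symlink at the predicted name; fails if the name exists.
            try:
                os.symlink(victim, archive_name)
                result["planted"] = True
            except FileExistsError:
                result["planted"] = False

        name = make_archive_insecure(pkg, workdir, race_hook=attacker)
        result["insecure_planted"] = result.pop("planted")
        with open(victim, "rb") as fh:
            result["victim_overwritten"] = fh.read(2) == b"PK"
        # Retarget the link: whoever deploys from `name` now gets evil.zip.
        os.remove(name)
        os.symlink(evil, name)
        result["insecure_deployer_sees"] = manifest_text(name)

        name2 = make_archive_secure(pkg, workdir, race_hook=attacker)
        result["secure_planted"] = result.pop("planted")
        result["secure_deployer_sees"] = manifest_text(name2)
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

In the insecure run the attacker's symlink is followed, the unrelated file is clobbered with the archive, and a later retarget of the link feeds the deployer the attacker's manifest; in the hardened run the symlink call fails with FileExistsError and the deployer reads the package the client actually built. The same fix, mkstemp() or mkdtemp() plus writing through the returned descriptor, is what replaced the mktemp() call in the client.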
