[Openstack-security] [Bug 1378172] Re: Insecure tmp file creation in python-muranoclient
Serg Melikyan
1378172 at bugs.launchpad.net
Sat Oct 3 12:16:25 UTC 2015
** Changed in: python-muranoclient
Milestone: 0.8.0 => 0.6.3
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1378172
Title:
Insecure tmp file creation in python-muranoclient
Status in python-muranoclient:
Fix Committed
Bug description:
./python-muranoclient/muranoclient/v1/shell.py:258:
    archive_name = args.output or tempfile.mktemp(prefix="murano_")

    try:
        if args.template:
            directory_path = hot_package.prepare_package(args)
        else:
            directory_path = mpl_package.prepare_package(args)
        archive_name = args.output or tempfile.mktemp(prefix="murano_")
        _make_archive(archive_name, directory_path)
        print("Application package is available at " +
              os.path.abspath(archive_name))
This is highly insecure and allows an attacker to modify the contents of the archive, assuming no arg name was passed. This code does not appear to be used, but is still CVE-worthy as the code may be used (ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1692). Exploitation of this vuln would appear to lead to code execution (e.g. modify the archive package which is then used while deploying systems).
To manage notifications about this bug go to:
https://bugs.launchpad.net/python-muranoclient/+bug/1378172/+subscriptions
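The report above is about a classic time-of-check/time-of-use race: tempfile.mktemp() only returns a name that did not exist at the moment it looked, and the file is created later by _make_archive(). The following is an added example, not code from python-muranoclient or the bug reporter. It reproduces the race in a scratch directory (the "attacker" plants a symlink at the predicted name inside the window, and the archive write clobbers the symlink target), then shows the hardened pattern with tempfile.mkstemp(), which creates the file itself with O_CREAT|O_EXCL and mode 0600 and hands back a descriptor to write through. _make_archive(), _sample_package() and the demo functions are stand-ins constructed for the example; only the tempfile calls mirror the client code. The symlink step needs POSIX.

```python
"""Added example: the tempfile.mktemp() TOCTOU race from the bug report,
and the tempfile.mkstemp() pattern that closes it.  Not project code."""
import os
import shutil
import stat
import tempfile
import zipfile


def _write_zip(fh, directory_path):
    # Write directory_path into an already-open, writable binary file object.
    with zipfile.ZipFile(fh, "w") as zf:
        for root, _dirs, files in os.walk(directory_path):
            for name in files:
                full = os.path.join(root, name)
                zf.write(full, os.path.relpath(full, directory_path))


def _make_archive(archive_name, directory_path):
    # Stand-in for the client's _make_archive(): it reopens the path BY NAME,
    # so whatever sits at that name when it runs (a symlink, say) is followed.
    with open(archive_name, "wb") as fh:
        _write_zip(fh, directory_path)


def _sample_package(workdir):
    # Constructed stand-in for prepare_package(): one file in a directory.
    pkg = os.path.join(workdir, "pkg")
    os.makedirs(pkg)
    with open(os.path.join(pkg, "manifest.yaml"), "w") as fh:
        fh.write("Format: 1.0\n")
    return pkg


def demo_mktemp_race():
    """The vulnerable pattern.  Returns True if the victim file ended up
    overwritten with zip data, i.e. the race was won by the attacker."""
    workdir = tempfile.mkdtemp()
    try:
        victim = os.path.join(workdir, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("important data\n")
        # Same call as shell.py: a name is chosen, nothing is created yet.
        archive_name = tempfile.mktemp(prefix="murano_", dir=workdir)
        # Attacker acts inside the window: plant a symlink at the predicted
        # name.  mktemp() gives no protection against this.
        os.symlink(victim, archive_name)
        _make_archive(archive_name, _sample_package(workdir))
        with open(victim, "rb") as fh:
            return fh.read(2) == b"PK"  # zip magic: victim was clobbered
    finally:
        shutil.rmtree(workdir)


def make_package_archive(directory_path, output=None, tmp_dir=None):
    """Hardened replacement for 'archive_name = args.output or mktemp()'.
    When no explicit output path is given, mkstemp() atomically creates an
    empty 0600 file that nobody could have pre-planted, and we write through
    the descriptor it returns instead of reopening the path by name."""
    if output:
        fd = os.open(output, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        path = output
    else:
        fd, path = tempfile.mkstemp(prefix="murano_", suffix=".zip", dir=tmp_dir)
    with os.fdopen(fd, "wb") as fh:
        _write_zip(fh, directory_path)
    return path


def demo_mkstemp_hardened():
    """Run the hardened path and report what an attacker can and cannot do."""
    workdir = tempfile.mkdtemp()
    try:
        victim = os.path.join(workdir, "victim.txt")
        with open(victim, "w") as fh:
            fh.write("important data\n")
        path = make_package_archive(_sample_package(workdir), tmp_dir=workdir)
        st = os.lstat(path)  # lstat: we want the entry itself, not a target
        try:
            os.symlink(victim, path)  # attacker tries the same trick
            attacker_blocked = False
        except FileExistsError:
            attacker_blocked = True
        with open(victim, "rb") as fh:
            victim_intact = fh.read() == b"important data\n"
        return {
            "regular_file": stat.S_ISREG(st.st_mode),
            "mode_0600": stat.S_IMODE(st.st_mode) == 0o600,
            "is_zip": zipfile.is_zipfile(path),
            "attacker_blocked": attacker_blocked,
            "victim_intact": victim_intact,
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print("mktemp race exploited:", demo_mktemp_race())
    print("mkstemp hardened:", demo_mkstemp_hardened())
```

Two points worth checking in any fix: the replacement must write through the descriptor mkstemp() returns (or at least never reopen the temp path by name with a symlink-following open), and the explicit-output branch is the user's own chosen path, so it is opened directly rather than through mktemp().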