CVE-2012-4406 Information

Description

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached which allows remote attackers to execute arbitrary code via a crafted pickle object.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html http://rhn.redhat.com/errata/RHSA-2012-1379.html http://rhn.redhat.com/errata/RHSA-2013-0691.html http://www.openwall.com/lists/oss-security/2012/09/05/16 http://www.openwall.com/lists/oss-security/2012/09/05/4 http://www.securityfocus.com/bid/55420 https://bugs.launchpad.net/swift/+bug/1006414 https://bugzilla.redhat.com/show_bug.cgi?id=854757 https://exchange.xforce.ibmcloud.com/vulnerabilities/79140 https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a https://launchpad.net/swift/+milestone/1.7.0