Date: Wed, 5 Sep 2012 10:09:03 +0200 From: Sebastian Krahmer <krahmer@...e.de> To: oss-security@...ts.openwall.com Subject: CVE-Request: openstack pickle de-serialization Hi, During openstack review we found that some parts of openstack used pickle to de-serialize data. This could be used to execute arbitrary code. Please check here: https://bugs.launchpad.net/swift/+bug/1006414 Can someone please assign a CVE, for completeness? thx, Sebastian -- ~ perl self.pl ~ $_='print"\$_=\47$_\47;eval"';eval ~ krahmer@...e.de - SuSE Security Team --- SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ