{"id":"DEBIAN-CVE-2012-3447","details":"virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361.","modified":"2026-04-28T20:07:50.810808Z","published":"2012-08-20T18:55:03.293Z","upstream":["CVE-2012-3447"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2012-3447"}],"affected":[{"package":{"name":"nova","ecosystem":"Debian:11","purl":"pkg:deb/debian/nova?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2012.1.1-6"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3447.json"}},{"package":{"name":"nova","ecosystem":"Debian:12","purl":"pkg:deb/debian/nova?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2012.1.1-6"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3447.json"}},{"package":{"name":"nova","ecosystem":"Debian:13","purl":"pkg:deb/debian/nova?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2012.1.1-6"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3447.json"}},{"package":{"name":"nova","ecosystem":"Debian:14","purl":"pkg:deb/debian/nova?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2012.1.1-6"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2012-3447.json"}}],"schema_version":"1.7.5"}