CVE-2015-3156 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2015-3156 Interim 1 8 2025-04-22T23:47:54Z current 2021-05-30T13:29:26Z 2025-04-22T23:47:54Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2015-3156 The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2016-March/001925.html E-Mail link for SUSE-SU-2016:0739-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 5 openstack-trove-2014.2.4.juno-15.1 openstack-trove-api-2014.2.4.juno-15.1 openstack-trove-conductor-2014.2.4.juno-15.1 openstack-trove-doc-2014.2.4.juno-15.1 openstack-trove-guestagent-2014.2.4.juno-15.1 openstack-trove-taskmanager-2014.2.4.juno-15.1 python-trove-2014.2.4.juno-15.1 openstack-trove-2014.2.4.juno-15.1 as a component of SUSE OpenStack Cloud 5 openstack-trove-api-2014.2.4.juno-15.1 as a component of SUSE OpenStack Cloud 5 openstack-trove-conductor-2014.2.4.juno-15.1 as a component of SUSE OpenStack Cloud 5 openstack-trove-doc-2014.2.4.juno-15.1 as a component of SUSE OpenStack Cloud 5 openstack-trove-guestagent-2014.2.4.juno-15.1 as a component of SUSE OpenStack Cloud 5 openstack-trove-taskmanager-2014.2.4.juno-15.1 as a component of SUSE OpenStack Cloud 5 python-trove-2014.2.4.juno-15.1 as a component of SUSE OpenStack Cloud 5 The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_configuration function in trove/guestagent/datastore/experimental/postgresql/service/config.py, write_config function in trove/guestagent/datastore/experimental/redis/service.py, _write_mycnf function in trove/guestagent/datastore/mysql/service.py, InnoBackupEx::_run_prepare function in trove/guestagent/strategies/restore/mysql_impl.py, InnoBackupEx::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, MySQLDump::cmd in trove/guestagent/strategies/backup/mysql_impl.py, InnoBackupExIncremental::cmd function in trove/guestagent/strategies/backup/mysql_impl.py, _get_actual_db_status function in trove/guestagent/datastore/experimental/cassandra/system.py and trove/guestagent/datastore/experimental/cassandra/service.py, and multiple class CbBackup methods in trove/guestagent/strategies/backup/experimental/couchbase_impl.py in Openstack DBaaS (aka Trove) as packaged in Openstack before 2015.1.0 (aka Kilo) allows local users to write to configuration files via a symlink attack on a temporary file. CVE-2015-3156 SUSE OpenStack Cloud 5:openstack-trove-2014.2.4.juno-15.1 SUSE OpenStack Cloud 5:openstack-trove-api-2014.2.4.juno-15.1 SUSE OpenStack Cloud 5:openstack-trove-conductor-2014.2.4.juno-15.1 SUSE OpenStack Cloud 5:openstack-trove-doc-2014.2.4.juno-15.1 SUSE OpenStack Cloud 5:openstack-trove-guestagent-2014.2.4.juno-15.1 SUSE OpenStack Cloud 5:openstack-trove-taskmanager-2014.2.4.juno-15.1 SUSE OpenStack Cloud 5:python-trove-2014.2.4.juno-15.1 low 3.8 AV:A/AC:M/Au:S/C:P/I:N/A:P 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N