CVE-2012-3449 in openvswitch
Summary
by MITRE
Open vSwitch 1.4.2 uses world writable permissions for (1) /var/lib/openvswitch/pki/controllerca/incoming/ and (2) /var/lib/openvswitch/pki/switchca/incoming/, which allows local users to delete and overwrite arbitrary files.
Analysis
by VulDB Data Team • 12/07/2021
The vulnerability described in CVE-2012-3449 represents a critical privilege escalation issue within Open vSwitch version 1.4.2, a widely deployed virtual switch implementation in cloud and virtualized environments. This flaw stems from improper directory permissions that create a persistent security weakness accessible to local users. The affected directories are specifically configured with world-writable permissions, meaning any user account on the system can modify or remove files within these paths. This configuration creates an exploitable condition that directly violates fundamental security principles of least privilege and access control enforcement.
This vulnerability falls under CWE-732, which addresses improper permission assignment, and demonstrates how inadequate file system permissions can lead to serious security consequences. The affected paths are certificate management directories within the Open vSwitch PKI, where controller certificates and switch certificates are managed. These directories contain sensitive cryptographic materials and configuration files that are critical to maintaining the integrity and security of virtual network communications. The world-writable permissions on the incoming directories specifically allow malicious users to manipulate certificate files, potentially enabling man-in-the-middle attacks, certificate forgery, or complete network isolation of virtual machines.
The operational impact of this vulnerability extends beyond simple file manipulation, as it fundamentally compromises the security posture of any system running Open vSwitch 1.4.2. Local attackers can exploit this weakness to delete critical certificate files, overwrite them with malicious content, or create symbolic links to system files, potentially leading to privilege escalation or complete system compromise. The vulnerability is particularly concerning in multi-tenant cloud environments where different users share the same physical infrastructure, as it allows one user to affect the security of other users' virtual networks. This weakness can also enable attackers to disrupt network services, create backdoors, or establish persistent access points within the virtualized network infrastructure.
From an attack perspective, this vulnerability maps to multiple ATT&CK techniques including privilege escalation through access token manipulation and persistence via modification of system components. The exploitation process requires minimal technical expertise, making it particularly dangerous as it can be leveraged by attackers with basic system access.
Organizations implementing Open vSwitch should immediately address this vulnerability through proper permission configuration, ensuring that certificate directories are owned by appropriate system users and have restrictive permissions. The recommended mitigation involves changing directory permissions to prevent world-writable access, typically using chmod 700 or similar restrictive settings, while also implementing proper access controls and monitoring for unauthorized modifications to these critical directories. This vulnerability serves as a reminder of the critical importance of proper file system permissions in security-critical applications and demonstrates how seemingly minor configuration errors can have significant operational impacts in virtualized environments.
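An added example, not part of the original advisory and not Open vSwitch's own code: a POSIX shell audit for the permission condition and the mitigation described above. The two paths are the ones named in the CVE summary and chmod 700 is the setting the analysis suggests; the function names and return codes are assumptions made for this illustration.

```shell
# Added example: audit the two directories named in CVE-2012-3449.
# Paths come from the advisory; function names and return codes are hypothetical.
PKI_DIRS="/var/lib/openvswitch/pki/controllerca/incoming
/var/lib/openvswitch/pki/switchca/incoming"

# audit_pki_dir DIR -> 0 = not world-writable, no symlinks inside
#                      1 = world-writable (the condition the CVE describes)
#                      2 = missing, not a directory, or itself a symlink
#                      3 = permissions fine, but symlinks found inside
audit_pki_dir() {
    dir=$1
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "SKIP  $dir (missing, not a directory, or a symlink)"
        return 2
    fi
    # -prune keeps find on the directory itself; -perm -0002 matches the other-write bit.
    if [ -n "$(find "$dir" -prune -type d -perm -0002 -print)" ]; then
        echo "VULN  $dir is world-writable"
        return 1
    fi
    # Symlinks left in a directory that used to be world-writable deserve a manual look.
    if [ -n "$(find "$dir" -type l -print)" ]; then
        echo "WARN  $dir contains symlinks, review before trusting its contents"
        return 3
    fi
    echo "OK    $dir"
    return 0
}

# harden_pki_dir DIR: apply the chmod 700 setting the analysis suggests, then re-audit.
harden_pki_dir() {
    chmod 700 "$1" && audit_pki_dir "$1"
}

# audit_all: check every path in PKI_DIRS; returns 1 if any is world-writable.
audit_all() {
    rc=0; old_ifs=$IFS; IFS='
'
    for d in $PKI_DIRS; do
        audit_pki_dir "$d" || [ $? -ne 1 ] || rc=1
    done
    IFS=$old_ifs
    return "$rc"
}

# Usage (run as root so the directory contents are readable): audit_all
```

A return code of 3 after hardening means the directory was locked down but may still hold entries planted while it was writable, which is why the analysis pairs the permission change with monitoring.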