CVE-2013-1068

Published: 17 June 2014

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.

Priority

Medium

Status

Package Release Status
cinder
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:2014.1-0ubuntu1.1])
nova
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1:2014.1-0ubuntu1.2])

Notes

AuthorNote
jdstrand
only affects Folsom (Ubuntu 12.10) and higher. Essex did not have
rootwrap.conf
see CVE-2013-6433
medium because while this is a privilege escalation, it requires
another vulnerability to exploit

References

Bugs