CVE-2013-1068
Published: 17 June 2014
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.
Notes
| Author | Note |
|---|---|
| jdstrand | only affects Folsom (Ubuntu 12.10) and higher. Essex did not have rootwrap.conf see CVE-2013-6433 medium because while this is a privilege escalation, it requires another vulnerability to exploit |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
cinder Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| saucy |
Released
(1:2013.2.3-0ubuntu1.1)
|
|
| trusty |
Released
(1:2014.1-0ubuntu1.1)
|
|
| upstream |
Not vulnerable
|
|
|
nova Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| saucy |
Released
(1:2013.2.3-0ubuntu1.2)
|
|
| trusty |
Released
(1:2014.1-0ubuntu1.2)
|
|
| upstream |
Not vulnerable
|