CVE-2013-6433
Published: 2 June 2014
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
Notes
Author | Note |
---|---|
jdstrand | medium because while the issue is privilege escalation, it requires another flaw to exploit the Ubuntu 14.10 1:2014.2~b1-0ubuntu3 upload mistakenly references CVE-2013-1068 |
Priority
Status
Package | Release | Status |
---|---|---|
neutron Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
saucy |
Released
(1:2013.2.3-0ubuntu1.5)
|
|
trusty |
Released
(1:2014.1-0ubuntu1.3)
|
|
upstream |
Not vulnerable
|
|
quantum Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Not vulnerable
|