CVE-2013-1060

Name of the Vulnerable Software and Affected Versions Ubuntu versions 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10

Description The issue concerns a Ubuntu build procedure for perf, distributed in Linux kernel packages. It sets the HOME environment variable to the ~buildd directory, causing the system configuration file to be read from this directory. This allows local users to gain privileges by exploiting control over the buildd account.

Recommendations For Ubuntu versions 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, consider modifying the build procedure to set the HOME environment variable to a secure directory, preventing local users from gaining privileges through the buildd account. At the moment, there is no information about a newer version that contains a fix for this vulnerability.