CVE-2013-4482

Name of the Vulnerable Software and Affected Versions Luci version 0.26.0

Description The issue allows local users to gain privileges via a Trojan horse .egg-info file in the current working directory or its parent directories, due to an untrusted search path vulnerability in python-paste-script (aka paster) when started using the initscript.

Recommendations For Luci version 0.26.0, consider restricting access to the python-paste-script module until a patch is available, and avoid using the initscript to start Luci to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.