PT-2013-2848 · Canonical · Ubuntu
Published: 2013-07-30 · Updated: 2013-10-02 · CVE-2013-1060
CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Ubuntu versions 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10
Description
The issue concerns an Ubuntu build procedure for perf, as distributed in the Linux kernel packages. The procedure sets the HOME environment variable to the ~buildd directory, so the system configuration file is read from that directory. This allows local users to gain privileges by exploiting control over the buildd account.
Recommendations
For Ubuntu versions 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, consider modifying the build procedure to set the HOME environment variable to a secure directory, preventing local users from gaining privileges through the buildd account.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
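One way to audit for this class of problem, as an added example that is not part of the original advisory or Ubuntu's tooling: walk every component of a configuration path and report any part that an account outside a trusted set could modify or replace. The function name, the `trusted_uids` parameter and the `tool.conf` file name are assumptions made for illustration; the demo layout is constructed in a temporary directory.

```python
import os
import stat
import tempfile


def untrusted_components(path, trusted_uids=frozenset({0})):
    """Return (component, reason) pairs for each part of `path` that an
    account outside `trusted_uids` could modify or replace."""
    findings = []
    current = os.path.realpath(path)  # resolve symlinks before judging
    while True:
        try:
            st = os.stat(current)
        except FileNotFoundError:
            # A missing file is not safe by itself: whoever can write to
            # its parent can create it, so keep walking upward.
            st = None
        if st is not None:
            if st.st_uid not in trusted_uids:
                findings.append((current, "owned by uid %d" % st.st_uid))
            # Conservative rule: any group or world write bit is reported.
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((current, "group- or world-writable"))
        parent = os.path.dirname(current)
        if parent == current:  # reached the filesystem root
            return findings
        current = parent


if __name__ == "__main__":
    # Constructed layout: a directory standing in for a build account's
    # home, holding the configuration file a privileged tool would read.
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "buildhome")
        os.mkdir(home)
        os.chmod(home, 0o777)
        cfg = os.path.join(home, "tool.conf")  # hypothetical file name
        for component, reason in untrusted_components(cfg):
            print(component, "->", reason)
```

An empty result means every existing component of the path is owned by a trusted uid and carries no group or world write bit.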
Weakness Enumeration
Related Identifiers
Affected Products
Ubuntu