PT-2014-2465 · Openstack+1 · Openstack Cinder+2

Darragh Oreilly

Published

2014-06-17

Updated

2014-06-20

CVE-2013-1068

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenStack Nova (python-nova) versions 1:2013.2.3-0 through 1:2013.2.3-0ubuntu1.1 and versions 1:2014.1-0 through 1:2014.1-0ubuntu1.1 OpenStack Cinder (python-cinder) versions 1:2013.2.3-0 through 1:2013.2.3-0ubuntu1.0 and versions 1:2014.1-0 through 1:2014.1-0ubuntu1.0

Description The issue makes it easier for attackers to gain privileges by leveraging another vulnerability, due to improper sudo configuration setting.

Recommendations For OpenStack Nova (python-nova) versions 1:2013.2.3-0 through 1:2013.2.3-0ubuntu1.1, update to version 1:2013.2.3-0ubuntu1.2 or later. For OpenStack Nova (python-nova) versions 1:2014.1-0 through 1:2014.1-0ubuntu1.1, update to version 1:2014.1-0ubuntu1.2 or later. For OpenStack Cinder (python-cinder) versions 1:2013.2.3-0 through 1:2013.2.3-0ubuntu1.0, update to version 1:2013.2.3-0ubuntu1.1 or later. For OpenStack Cinder (python-cinder) versions 1:2014.1-0 through 1:2014.1-0ubuntu1.0, update to version 1:2014.1-0ubuntu1.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-1068

USN-2247-1

USN-2248-1

Affected Products

Openstack Cinder

Openstack Nova

Ubuntu

PT-2014-2465 · Openstack+1 · Openstack Cinder+2

CVE-2013-1068

Weakness Enumeration

Related Identifiers

Affected Products

References · 28