NA
CVSSv3

CVE-2013-1068

CVSSv4: NA | CVSSv3: NA | CVSSv2: 5 | VMScore: 600 | EPSS: 0.00134 | KEV: Not Included
Published: 19/06/2014 Updated: 21/11/2024

Vulnerability Summary

The OpenStack Nova (python-nova) package 1:2013.2.3-0 prior to 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 prior to 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 prior to 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 prior to 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for malicious users to gain privileges by leveraging another vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

canonical ubuntu linux 13.10

canonical ubuntu linux 14.04

Vendor Advisories

Debian Bug report logs - #753579 nova: CVE-2013-1068: local privilege escalation Package: nova-common; Maintainer for nova-common is Debian OpenStack <team+openstack@trackerdebianorg>; Source for nova-common is src:nova (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Thu, 3 Jul 2014 09:42:01 UT ...
Several security issues were fixed in OpenStack Nova ...
OpenStack Cinder could be made to run programs as an administrator under certain conditions ...