Published: 19/06/2014 Updated: 20/06/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The OpenStack Nova (python-nova) package 1:2013.2.3-0 prior to 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 prior to 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 prior to 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 prior to 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for malicious users to gain privileges by leveraging another vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 14.04
canonical ubuntu linux 13.10

Debian Bug report logs - #753579 nova: CVE-2013-1068: local privilege escalation Package: nova-common; Maintainer for nova-common is Debian OpenStack <team+openstack@trackerdebianorg>; Source for nova-common is src:nova (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Thu, 3 Jul 2014 09:42:01 UT ...

Several security issues were fixed in OpenStack Nova ...

OpenStack Cinder could be made to run programs as an administrator under certain conditions ...

CWE-264 http://ubuntu.com/usn/usn-2248-1 http://www.ubuntu.com/usn/USN-2247-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753579 https://nvd.nist.gov https://usn.ubuntu.com/2247-1/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-1068

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect