CVE-2013-1068

Priority
Medium
Description
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before
1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and
Openstack Cinder (python-cinder) package 1:2013.2.3-0 before
1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu
13.10 and 14.04 LTS does not properly set the sudo configuration, which
makes it easier for attackers to gain privileges by leveraging another
vulnerability.
References
Bugs
Notes
jdstrand> only affects Folsom (Ubuntu 12.10) and higher. Essex did not have
rootwrap.conf
jdstrand> see CVE-2013-6433
jdstrand> medium because while this is a privilege escalation, it requires
another vulnerability to exploit
Assigned-to
jdstrand
Package
Upstream:not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):released (1:2013.2.3-0ubuntu1.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:2014.1-0ubuntu1.1)
Ubuntu 14.10 (Utopic Unicorn):released (1:2014.2~b1-0ubuntu2)
Package
Source: nova (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 13.10 (Saucy Salamander):released (1:2013.2.3-0ubuntu1.2)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:2014.1-0ubuntu1.2)
Ubuntu 14.10 (Utopic Unicorn):released (1:2014.2~b1-0ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-06-20 13:14:35 UTC (commit 8163)