CVE-2013-6433

Priority
Medium
Description
The default configuration in the Red Hat openstack-neutron package before
2013.2.3-7 does not properly set a configuration file for rootwrap, which
allows remote attackers to gain privileges via a crafted configuration
file.
References
Bugs
Notes
jdstrand> medium because while the issue is privilege escalation, it requires
another flaw to exploit
jdstrand> the Ubuntu 14.10 1:2014.2~b1-0ubuntu3 upload mistakenly references
CVE-2013-1068
Package
Upstream:not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
Package
Upstream:not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 13.10 (Saucy Salamander):released (1:2013.2.3-0ubuntu1.5)
Ubuntu 14.04 LTS (Trusty Tahr):released (1:2014.1-0ubuntu1.3)
Ubuntu 14.10 (Utopic Unicorn):released (1:2014.2~b1-0ubuntu3)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-06-25 22:14:30 UTC (commit 8172)