CVE-2013-1057

2013-11-1802:55:05

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

Node

canonicalmaasRange≤12.04.4

canonicalmaasMatch12.04.1

canonicalmaasMatch12.04.2

canonicalmaasMatch12.04.3

VendorProductVersionCPE
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
canonicalubuntu_linux12.10cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
canonicalubuntu_linux13.04cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
canonicalmaas*cpe:2.3:a:canonical:maas:*:*:*:*:*:*:*:*
canonicalmaas12.04.1cpe:2.3:a:canonical:maas:12.04.1:*:*:*:*:*:*:*
canonicalmaas12.04.2cpe:2.3:a:canonical:maas:12.04.2:*:*:*:*:*:*:*
canonicalmaas12.04.3cpe:2.3:a:canonical:maas:12.04.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	12.04	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
canonical	ubuntu_linux	12.10	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
canonical	ubuntu_linux	13.04	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*
canonical	maas	*	cpe:2.3:a:canonical:maas::::::::
canonical	maas	12.04.1	cpe:2.3:a:canonical:maas:12.04.1:::::::*
canonical	maas	12.04.2	cpe:2.3:a:canonical:maas:12.04.2:::::::*
canonical	maas	12.04.3	cpe:2.3:a:canonical:maas:12.04.3:::::::*