3 matches found
CVE-2013-4482
CVE-2013-4482 affects Luci 0.26.0. The vulnerability is an untrusted search path issue: when Luci is started via its initscript, a local user can exploit a Trojan horse .egg-info file in the current working directory or its parent directories to gain privileges. The issue is confirmed in multiple...
CVE-2013-4481
CVE-2013-4481 is a race condition in Luci 0.26.0: /var/lib/luci/etc/luci.ini is created with world-readable permissions before they are restricted, enabling local users to read authentication secrets. The connected advisories/plugins indicate updated luci packages fix this issue (e.g., RHSA-201...
CVE-2014-3593
The CVE-2014-3593 entry concerns luci, affected up to version 0.26.0, where an eval() on cluster configuration inputs could be exploited by remote authenticated users with certain permissions to execute arbitrary Python code. Multiple trusted sources (Red Hat RHSA-2014:1390, CentOS/OSS advisories...