CVE-2013-1068

2014-06-1700:00:00

ubuntu.com

0.001 Low

EPSS

Percentile

48.5%

JSON

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before
1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and
Openstack Cinder (python-cinder) package 1:2013.2.3-0 before
1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu
13.10 and 14.04 LTS does not properly set the sudo configuration, which
makes it easier for attackers to gain privileges by leveraging another
vulnerability.

Bugs

<https://launchpad.net/bugs/1185019>

Notes

Author	Note
jdstrand	only affects Folsom (Ubuntu 12.10) and higher. Essex did not have rootwrap.conf see CVE-2013-6433 medium because while this is a privilege escalation, it requires another vulnerability to exploit

OSVersionArchitecturePackageVersionFilename
ubuntu13.10noarchcinder< 1:2013.2.3-0ubuntu1.1UNKNOWN
ubuntu14.04noarchcinder< 1:2014.1-0ubuntu1.1UNKNOWN
ubuntu13.10noarchnova< 1:2013.2.3-0ubuntu1.2UNKNOWN
ubuntu14.04noarchnova< 1:2014.1-0ubuntu1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	13.10	noarch	cinder	< 1:2013.2.3-0ubuntu1.1	UNKNOWN
ubuntu	14.04	noarch	cinder	< 1:2014.1-0ubuntu1.1	UNKNOWN
ubuntu	13.10	noarch	nova	< 1:2013.2.3-0ubuntu1.2	UNKNOWN
ubuntu	14.04	noarch	nova	< 1:2014.1-0ubuntu1.2	UNKNOWN