Privilege Escalation

2019-01-1509:02:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

JSON

openstack-neutron is vulnerable to privilege escalation attacks. The vulnerability exists as the default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.

CPENameOperatorVersion
openstack-neutroneq2013.2.3__7.el6ost
openstack-neutroneq2013.2__16.el6ost
openstack-neutroneq2013.2.2__5.el6ost
openstack-neutroneq2014.1.2__2.el6ost
openstack-neutroneq2014.1.1__4.el6ost
openstack-neutroneq2013.2.3__16.el6ost
openstack-neutroneq2013.2.2__1.el6ost
openstack-neutroneq2013.2.3__14.el6ost
openstack-neutroneq2013.2.1__4.el6ost
openstack-neutroneq2013.2.3__7.el6ost

Name	Operator	Version
openstack-neutron	eq	2013.2.3__7.el6ost
openstack-neutron	eq	2013.2__16.el6ost
openstack-neutron	eq	2013.2.2__5.el6ost
openstack-neutron	eq	2014.1.2__2.el6ost
openstack-neutron	eq	2014.1.1__4.el6ost
openstack-neutron	eq	2013.2.3__16.el6ost
openstack-neutron	eq	2013.2.2__1.el6ost
openstack-neutron	eq	2013.2.3__14.el6ost
openstack-neutron	eq	2013.2.1__4.el6ost
openstack-neutron	eq	2013.2.3__7.el6ost