Computer Security
[EN] securityvulns.ru no-pyccku


MAAS privileg escalation
Published:18.11.2013
Source:
SecurityVulns ID:13411
Type:local
Threat Level:
5/10
Description:maas-import-pxe-files privilege escalations.
Affected:MAAS : maas-cluster-controller 1.3
CVE:CVE-2013-1058 (maas-import-pxe-files in MAAS before 13.10 does not verify the integrity of downloaded files, which allows remote attackers to modify these files via a man-in-the-middle (MITM) attack.)
 CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.)
Original documentdocumentUBUNTU, [USN-2013-1] MAAS vulnerabilities (18.11.2013)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod