CVE-2013-1057

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.

Published: Nov 18, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1057
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / maas	12.04.1	12.04.1.x
canonical / maas	12.04.3	12.04.3.x
canonical / maas	-	12.04.4.x
canonical / maas	12.04.2	12.04.2.x

http://secunia.com/advisories/55567
http://ubuntu.com/usn/usn-2013-1
https://bugs.launchpad.net/maas/+bug/1158425
https://launchpad.net/maas/+milestone/13.10

Vulnerability Database

CVE-2013-1057