CVE-2013-6433

CWE-26411 documents8 sources

Severity

7.6HIGH

EPSS

1.6%

top 18.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Neutron Canonical Ubuntu Linux

Timeline

PublishedJun 2

Latest updateMay 14

Description

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages3 packages

▶NVDopenstack/neutron2013.1 — 2013.2.3

▶Debianneutron< 2014.1-1+3

▶Ubuntuneutron< 1:2014.1-0ubuntu1.3

Also affects: Ubuntu Linux 13.10, 14.04

🔴Vulnerability Details

GHSA

GHSA-943v-q963-5fvx: The default configuration in the Red Hat openstack-neutron package before 2013↗2022-05-14

▶

OSV

neutron vulnerabilities↗2014-06-25

▶

OSV

CVE-2013-6433: The default configuration in the Red Hat openstack-neutron package before 2013↗2014-06-02

▶

CVEList

CVE-2013-6433: The default configuration in the Red Hat openstack-neutron package before 2013↗2014-06-02

▶

📋Vendor Advisories

Red Hat

openstack-neutron: regression of fix for CVE-2013-6433↗2014-09-12

▶

Ubuntu

OpenStack Neutron vulnerabilities↗2014-06-25

▶

Red Hat

openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation↗2014-05-29

▶

Debian

CVE-2013-6433: neutron - The default configuration in the Red Hat openstack-neutron package before 2013.2...↗2013

▶

💬Community

Bugzilla

CVE-2014-3632 openstack-neutron: regression of fix for CVE-2013-6433↗2014-09-12

▶

Bugzilla

CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation↗2013-12-10

▶