CVE-2013-6433
Published: 2014-06-02
Priority: P3 · 40 · high · CVSS 2.0: 7.6
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS: 3.32% (87.1th percentile)
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
Affected (11 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | neutron | < neutron 2014.1-1 (bookworm) | neutron 2014.1-1 (bookworm) |
| debian | neutron | — | — |
| openstack | neutron | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | neutron | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | neutron | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | neutron | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | neutron | >= 0 < 1:2014.1-0ubuntu1.3 | 1:2014.1-0ubuntu1.3 |
| openstack | neutron | 2013.1 – 2013.2.3 | — |
| openstack | neutron | 2014.1 – 2014.1.2 | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| osv | — | 7.6 | HIGH | — |
| vendor_debian | — | 7.6 | LOW | — |
| vendor_redhat | — | 7.6 | HIGH | — |
| vendor_ubuntu | — | 7.6 | HIGH | — |
Red Hat
CVE-2014-3632 [HIGH] openstack-neutron: regression of fix for CVE-2013-6433
vendor_redhat · 2014-09-12 · CVSS 7.6
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
It was discovered that the openstack-neutron package in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released with a sudoers file containing a configuration error. This error caused OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
Package: openstack-neutron (Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7) - Not affected
Ubuntu
CVE-2013-6433 [HIGH] OpenStack Neutron vulnerabilities
vendor_ubuntu · 2014-06-25 · CVSS 7.6
Title: OpenStack Neutron vulnerabilities
Summary: Several security issues were fixed in OpenStack Neutron.
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. (CVE-2013-6433)
Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in OpenStack Neutron did not properly perform input validation when creating security group rules when specifying --remote-ip-prefix. A remote authenticated attacker could exploit this to prevent application of additional rules. (CVE-2014-0187)
Thiago Martins discovered that OpenStack Neutron would inappropriately apply SNAT rules to IPv6 subnets when using the L3-agent.
Red Hat
CVE-2013-6433 [HIGH] openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation
vendor_redhat · 2014-05-29 · CVSS 7.6
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
Package: openstack-quantum (Red Hat OpenStack Platform 3) - Will not fix
Debian
CVE-2014-3632 [HIGH] neutron - The default configuration in a sudoers file in the Red Hat openstack-neutron pac...
vendor_debian · 2014 · CVSS 7.6
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2013-6433 [HIGH] neutron - The default configuration in the Red Hat openstack-neutron package before 2013.2...
vendor_debian · 2013 · CVSS 7.6
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
Scope: local
bookworm: resolved (fixed in 2014.1-1)
bullseye: resolved (fixed in 2014.1-1)
forky: resolved (fixed in 2014.1-1)
sid: resolved (fixed in 2014.1-1)
trixie: resolved (fixed in 2014.1-1)
GHSA
CVE-2013-6433 [HIGH] GHSA-943v-q963-5fvx: The default configuration in the Red Hat openstack-neutron package before 2013
ghsa_unreviewed · 2022-05-14
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
GHSA
CVE-2014-3632 [HIGH] GHSA-hr9q-fc36-qcfj: The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014
ghsa_unreviewed · 2022-05-14 · CVSS 7.6
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
OSV
CVE-2013-6433 [HIGH] neutron vulnerabilities
osv · 2014-06-25 · CVSS 7.6
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. (CVE-2013-6433)
Stephen Ma and Christoph Thiel discovered that the openvswitch-agent in OpenStack Neutron did not properly perform input validation when creating security group rules when specifying --remote-ip-prefix. A remote authenticated attacker could exploit this to prevent application of additional rules. (CVE-2014-0187)
Thiago Martins discovered that OpenStack Neutron would inappropriately apply SNAT rules to IPv6 subnets when using the L3-agent. A remote authenticated attacker could exploit this to prevent floating IPv4 addre
OSV
CVE-2013-6433 [HIGH] CVE-2013-6433: The default configuration in the Red Hat openstack-neutron package before 2013
osv · 2014-06-02 · CVSS 7.6
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-3632 [HIGH] openstack-neutron: regression of fix for CVE-2013-6433
bugzilla · 2014-09-12 · CVSS 7.6
Issue Description:
It was discovered that the openstack-neutron package in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released with a sudoers file containing a configuration error. This error caused OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
Discussion:
This issue has been addressed in the following products:
OpenStack 5 for RHEL 6
Via RHSA-2014:1339 (https://rhn.redhat.com/errata/RHSA-2014-1339.html)
Bugzilla
CVE-2013-6433 [HIGH] openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation
bugzilla · 2013-12-10 · CVSS 7.6
Kashyap Chamarthy reports:
It's possible for Neutron (OpenStack networking) users to pass arbitrary config files via rootwrap[*], which allows privilege escalation by letting users add more exec directories, change configurations of commands using rootwrap, log more than what needs to be done, etc.
Discussion:
Acknowledgements:
This issue was discovered by Kashyap Chamarthy of Red Hat.
---
This issue has been addressed in the following products:
OpenStack 4 for RHEL 6
Via RHSA-2014:0516 (https://rhn.redhat.com/errata/RHSA-2014-0516.html)
References:
http://rhn.redhat.com/errata/RHSA-2014-0516.html
http://secunia.com/advisories/59533
http://www.ubuntu.com/usn/USN-2255-1
https://bugzilla.redhat.com/show_bug.cgi?id=1039812