CVE-2014-3632
Published: 2014-10-07
Priority: P338, high
CVSS 2.0: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
EPSS: 2.50% (82.7th percentile)
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | neutron | — | — |
| openstack | neutron | 2014.1 – 2014.1.2 | — |
CVSS provenance
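| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vendor_debian | — | 7.6 | LOW | — |
| vendor_redhat | — | 7.6 | HIGH | — |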
Red Hat
openstack-neutron: regression of fix for CVE-2013-6433
vendor_redhat·2014-09-12·CVSS 7.6
CVE-2014-3632 [HIGH] openstack-neutron: regression of fix for CVE-2013-6433
It was discovered that the openstack-neutron package in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6 was released with a sudoers file containing a configuration error. This error caused OpenStack Networking to be vulnerable to the CVE-2013-6433 issue.
Package: openstack-neutron (Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7) - Not affect
Debian
CVE-2014-3632: neutron - The default configuration in a sudoers file in the Red Hat openstack-neutron pac...
vendor_debian·2014·CVSS 7.6
CVE-2014-3632 [HIGH] CVE-2014-3632: neutron - The default configuration in a sudoers file in the Red Hat openstack-neutron pac...
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-hr9q-fc36-qcfj: The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014
ghsa_unreviewed·2022-05-14·CVSS 7.6
CVE-2014-3632 [HIGH] GHSA-hr9q-fc36-qcfj: The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014
No detection rules found.
No public exploits indexed.