Bug 1039812 (CVE-2013-6433) - CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation
Summary: CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allow...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-6433
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1039816 1039817
Blocks: 1039820 1063143
TreeView+ depends on / blocked
 
Reported: 2013-12-10 04:18 UTC by Garth Mollett
Modified: 2023-05-13 00:14 UTC (History)
15 users (show)

Fixed In Version: openstack-neutron-2013.2.2-5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-07-15 07:42:03 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2014:0516 0 normal SHIPPED_LIVE Moderate: openstack-neutron security, bug fix, and enhancement update 2014-05-30 00:15:59 UTC

Description Garth Mollett 2013-12-10 04:18:12 UTC 
Kashyap Chamarthy <kchamart> reports:

It's possible for Neutron (OpenStack networking) users to pass arbitrary
config files via rootwrap[*] which allows privilege escalation
by letting user add more exec directories, change configurations of
commands using rootwrap, log more than what needs to be done, etc.
Comment 11 Martin Prpič 2014-05-15 13:36:35 UTC 
Acknowledgements:

This issue was discovered by Kashyap Chamarthy of Red Hat.
Comment 15 errata-xmlrpc 2014-05-29 20:18:00 UTC 
This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0516 https://rhn.redhat.com/errata/RHSA-2014-0516.html
Note You need to log in before you can comment on or make changes to this bug.