1039812 – (CVE-2013-6433) CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation

Bug 1039812 (CVE-2013-6433) - CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allows potential privilege escalation

Summary: CVE-2013-6433 openstack-quantum/openstack-neutron: rootwrap sudo config allow...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-6433
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1039816 1039817
Blocks:	1039820 1063143
TreeView+	depends on / blocked

Reported:	2013-12-10 04:18 UTC by Garth Mollett
Modified:	2021-02-17 07:05 UTC (History)
CC List:	15 users (show)
Fixed In Version:	openstack-neutron-2013.2.2-5
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-07-15 07:42:03 UTC

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2014:0516	0	normal	SHIPPED_LIVE	Moderate: openstack-neutron security, bug fix, and enhancement update	2014-05-30 00:15:59 UTC

Description Garth Mollett 2013-12-10 04:18:12 UTC

Kashyap Chamarthy <kchamart> reports:

It's possible for Neutron (OpenStack networking) users to pass arbitrary
config files via rootwrap[*] which allows privilege escalation
by letting user add more exec directories, change configurations of
commands using rootwrap, log more than what needs to be done, etc.

Comment 11 Martin Prpič 2014-05-15 13:36:35 UTC

Acknowledgements:

This issue was discovered by Kashyap Chamarthy of Red Hat.

Comment 15 errata-xmlrpc 2014-05-29 20:18:00 UTC

This issue has been addressed in following products:

  OpenStack 4 for RHEL 6

Via RHSA-2014:0516 https://rhn.redhat.com/errata/RHSA-2014-0516.html

Note You need to log in before you can comment on or make changes to this bug.