CVE-2013-1057 - OpenCVE

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Maas Ubuntu Linux

Configuration 1 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:canonical:maas::::::::
	cpe:2.3:a:canonical:maas:12.04.1:::::::*
	cpe:2.3:a:canonical:maas:12.04.2:::::::*
	cpe:2.3:a:canonical:maas:12.04.3:::::::*

References

Link	Resource
http://secunia.com/advisories/55567	Vendor Advisory
http://ubuntu.com/usn/usn-2013-1	Vendor Advisory
https://bugs.launchpad.net/maas/+bug/1158425	Exploit
https://launchpad.net/maas/+milestone/13.10

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: canonical

Published: 2022-10-03T16:14:49

Updated: 2022-10-03T16:14:49

Reserved: 2022-10-03T00:00:00

Link: CVE-2013-1057

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-11-18T02:55:05.750

Modified: 2013-11-21T17:50:00.333

Link: CVE-2013-1057

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:14:49", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "USN-2013-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-2013-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/maas/+bug/1158425"}, {"name": "55567", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/55567"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/maas/+milestone/13.10"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "ID": "CVE-2013-1057", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-2013-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-2013-1"}, {"name": "https://bugs.launchpad.net/maas/+bug/1158425", "refsource": "CONFIRM", "url": "https://bugs.launchpad.net/maas/+bug/1158425"}, {"name": "55567", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55567"}, {"name": "https://launchpad.net/maas/+milestone/13.10", "refsource": "CONFIRM", "url": "https://launchpad.net/maas/+milestone/13.10"}]}}}}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2013-1057", "datePublished": "2022-10-03T16:14:49", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:14:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*", "matchCriteriaId": "EFAA48D9-BEB4-4E49-AD50-325C262D46D9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canonical:maas:*:*:*:*:*:*:*:*", "matchCriteriaId": "39DC5796-9A1F-4E3A-A308-E671CD5576A1", "versionEndIncluding": "12.04.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:maas:12.04.1:*:*:*:*:*:*:*", "matchCriteriaId": "305EA6BB-C24C-44A1-AA40-60362AD31802", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:maas:12.04.2:*:*:*:*:*:*:*", "matchCriteriaId": "3CBEF1FF-9714-499F-B50F-4945825EBD15", "vulnerable": true}, {"criteria": "cpe:2.3:a:canonical:maas:12.04.3:*:*:*:*:*:*:*", "matchCriteriaId": "240C821D-C3D7-4CC4-B716-CCDC7513745C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory."}, {"lang": "es", "value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en maas-import-pxe-files en MAAS anteriores a 13.10 permite a usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de un fichero de configuraci\u00f3n import_pxe_files \"troyanizado\" en el directorio de trabajo actual."}], "id": "CVE-2013-1057", "lastModified": "2013-11-21T17:50:00.333", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-11-18T02:55:05.750", "references": [{"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/55567"}, {"source": "security@ubuntu.com", "tags": ["Vendor Advisory"], "url": "http://ubuntu.com/usn/usn-2013-1"}, {"source": "security@ubuntu.com", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/maas/+bug/1158425"}, {"source": "security@ubuntu.com", "url": "https://launchpad.net/maas/+milestone/13.10"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}