CVE-2013-1068 — MEDIUM (5.0)

Vulnerability Description

The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Canonical	Ubuntu Linux	13.10

Related Weaknesses (CWE)

CWE-264

References

http://ubuntu.com/usn/usn-2248-1PatchVendor Advisory
http://www.ubuntu.com/usn/USN-2247-1PatchVendor Advisory
http://ubuntu.com/usn/usn-2248-1PatchVendor Advisory
http://www.ubuntu.com/usn/USN-2247-1PatchVendor Advisory

FAQ

What is CVE-2013-1068?

CVE-2013-1068 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3...

How severe is CVE-2013-1068?

CVE-2013-1068 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1068?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux.