User: Password:
Subscribe / Log in / New account

maas: two vulnerabilities

Package(s):maas CVE #(s):CVE-2013-1057 CVE-2013-1058
Created:November 7, 2013 Updated:November 13, 2013

From the Ubuntu advisory:

It was discovered that maas-import-pxe-files incorrectly loaded configuration information from the current working directory. A local attacker could execute code as an administrator if maas-import-pxe-files were run from an attacker-controlled directory. (CVE-2013-1057)

It was discovered that maas-import-pxe-files doesn't cryptographically verify downloaded content. An attacker could modify images without detection. (CVE-2013-1058)

Ubuntu USN-2013-1 maas 2013-11-06

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds