|Package(s):||maas||CVE #(s):||CVE-2013-1057 CVE-2013-1058|
|Created:||November 7, 2013||Updated:||November 13, 2013|
From the Ubuntu advisory:
It was discovered that maas-import-pxe-files incorrectly loaded configuration information from the current working directory. A local attacker could execute code as an administrator if maas-import-pxe-files were run from an attacker-controlled directory. (CVE-2013-1057)
It was discovered that maas-import-pxe-files doesn't cryptographically verify downloaded content. An attacker could modify images without detection. (CVE-2013-1058)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds