Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-1057

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.

Related bugs and status

CVE-2013-1057 (Candidate) is related to these bugs:

Bug #1158425: maas-import-pxe-files sources path-relative config

		In	Importance	Status
1158425	maas-import-pxe-files sources path-relative config	MAAS	Critical	Fix Released
1158425	maas-import-pxe-files sources path-relative config	MAAS 1.2	Critical	Fix Released
1158425	maas-import-pxe-files sources path-relative config	MAAS 1.3	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
CONFIRM: https://launchpad.net/...
UBUNTU: USN-2013-1
SECUNIA: 55567