ID CVE-2013-4482
Summary Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories. http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
References
Vulnerable Configurations
  • cpe:2.3:a:scientificlinux:luci:0.26.0:*:*:*:*:*:*:*
    cpe:2.3:a:scientificlinux:luci:0.26.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVSS
Base: 6.2 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 1001836
title fence_ilo denoted as HP iLO / iLO2, but the latter has a separate entry
oval
AND
  • comment luci is earlier than 0:0.26.0-48.el6
    oval oval:com.redhat.rhsa:tst:20131603005
  • comment luci is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhsa:tst:20131603006
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
rhsa
id RHSA-2013:1603
released 2013-11-21
severity Moderate
title RHSA-2013:1603: luci security, bug fix, and enhancement update (Moderate)
rpms luci-0:0.26.0-48.el6
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=990321
Last major update 22-04-2019 - 17:48
Published 23-11-2013 - 11:55
Back to Top