MAAS

maas-import-pxe-files sources path-relative config

Bug #1158425 reported by dann frazier on 2013-03-21

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
MAAS	Fix Released	Critical	Julian Edwards	MAAS 13.10 "saucy"
1.2	Fix Released	Critical	Julian Edwards
1.3	Fix Released	Critical	Julian Edwards

Bug Description

From /usr/sbin/maas-import-pxe-files:

# Load settings if available.
settings="/etc/maas/import_pxe_files"
[ -r $settings ] && . $settings
local_settings="$(pwd)/$settings"
[ -r $local_settings ] && . $local_settings

Consider what would happen if the admin runs this from /tmp and an unprivileged user has created their own /tmp/etc/maas/import_pxe_files file.

Related branches

lp:ubuntu/precise-security/maas

lp:ubuntu/quantal-security/maas

lp:ubuntu/raring-security/maas

lp:ubuntu/quantal-updates/maas

CVE References

2013-1057

Julian Edwards (julian-edwards) on 2013-05-24

Changed in maas:
status:	New → Triaged
importance:	Undecided → Critical

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2013-05-30:

This is CVE-2013-1057

Julian Edwards (julian-edwards) on 2013-09-18

information type:

Private Security → Public

Julian Edwards (julian-edwards) on 2013-10-17

Changed in maas:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.