Ubuntu Update For Maas USN-2013-1 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

It was discovered that maas-import-pxe-files incorrectly loaded configuration information from the current working directory. A local attacker could execute code as an administrator if maas-import-pxe-files were run from an attacker-controlled directory. (CVE-2013-1057) It was discovered that maas-import-pxe-files doesn't cryptographically verify downloaded content. An attacker could modify images without detection. (CVE-2013-1058)

Affected

maas on Ubuntu 13.04 , Ubuntu 12.10 , Ubuntu 12.04 LTS

Severity

Classification

CVE CVE-2013-1057, CVE-2013-1058

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Ubuntu Update for curl USN-2048-1
Ubuntu Update for clamav USN-1179-1
Ubuntu Update for dbus USN-1576-2
Ubuntu Update for curl USN-2058-1
Ubuntu Update for aptdaemon USN-1414-1

Ubuntu Update for maas USN-2013-1

Take action and discover your vulnerabilities