Solution
Please install the updated packages.
Insight
James Troup discovered that MAAS stored RabbitMQ authentication credentials in a world-readable file. A local authenticated user could read this password and potentially gain privileges of other user accounts. This update restricts the file permissions to prevent unintended access. (CVE-2013-1070)
Chris Glass discovered that the MAAS API was vulnerable to cross-site scripting. If a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. (CVE-2013-1069)
Affected
maas on Ubuntu 13.10, Ubuntu 12.10, Ubuntu 12.04 LTS
Severity
Classification
CVE: CVE-2013-1069, CVE-2013-1070
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities