Privilege Escalation in Red Hat OpenStack Neutron
CVE-2013-6433

Currently unrated

Key Information:

Vendor: Openstack
Status: Neutron
Vendor: CVE Published:; 2 June 2014

Summary

The Red Hat OpenStack Neutron package, prior to version 2013.2.3-7, features a flawed default configuration that fails to properly secure the rootwrap configuration file. This oversight permits remote attackers to exploit this weakness by delivering a crafted configuration file, ultimately allowing them to escalate their privileges within the system. It is crucial for organizations using this version to apply updates and secure their configurations to mitigate the risk of unauthorized access.

References

http://secunia.com/advisories/59533

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-2255-1

vendor-advisoryx_refsource_UBUNTU

http://rhn.redhat.com/errata/RHSA-2014-0516.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Jun 2, 2014
Vulnerability Reserved
Nov 4, 2013