Vulnerabilities > CVE-2013-4482 - Local Privilege Escalation vulnerability in LuCI
Attack vector
LOCAL Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories. http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 1 |
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20131121_LUCI_ON_SL6_X.NASL description A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. (CVE-2013-4482) A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file. (CVE-2013-4481) After installing this update, the luci service will be restarted automatically. last seen 2020-03-18 modified 2013-12-04 plugin id 71195 published 2013-12-04 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71195 title Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20131121) code # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(71195); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/27"); script_cve_id("CVE-2013-4481", "CVE-2013-4482"); script_name(english:"Scientific Linux Security Update : luci on SL6.x i386/x86_64 (20131121)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. (CVE-2013-4482) A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file. (CVE-2013-4481) After installing this update, the luci service will be restarted automatically." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1312&L=scientific-linux-errata&T=0&P=1429 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4b05a8fd" ); script_set_attribute( attribute:"solution", value:"Update the affected luci and / or luci-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:luci"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:luci-debuginfo"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/23"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL6", reference:"luci-0.26.0-48.el6")) flag++; if (rpm_check(release:"SL6", reference:"luci-debuginfo-0.26.0-48.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "luci / luci-debuginfo"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-1603.NASL description Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. (CVE-2013-4482) A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file. (CVE-2013-4481) These issues were discovered by Jan Pokorny of Red Hat. These updated luci packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All luci users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, the luci service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 79165 published 2014-11-12 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79165 title CentOS 6 : luci (CESA-2013:1603) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:1603 and # CentOS Errata and Security Advisory 2013:1603 respectively. # include("compat.inc"); if (description) { script_id(79165); script_version("1.6"); script_cvs_date("Date: 2020/01/06"); script_cve_id("CVE-2013-4481", "CVE-2013-4482"); script_bugtraq_id(63854, 63859); script_xref(name:"RHSA", value:"2013:1603"); script_name(english:"CentOS 6 : luci (CESA-2013:1603)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. (CVE-2013-4482) A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file. (CVE-2013-4481) These issues were discovered by Jan Pokorny of Red Hat. These updated luci packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All luci users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, the luci service will be restarted automatically." ); # https://lists.centos.org/pipermail/centos-cr-announce/2013-November/001004.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?54c30406" ); script_set_attribute(attribute:"solution", value:"Update the affected luci package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4482"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:luci"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/23"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-6", reference:"luci-0.26.0-48.el6.centos")) flag++; if (flag) { cr_plugin_caveat = '\n' + 'NOTE: The security advisory associated with this vulnerability has a\n' + 'fixed package version that may only be available in the continuous\n' + 'release (CR) repository for CentOS, until it is present in the next\n' + 'point release of CentOS.\n\n' + 'If an equal or higher package level does not exist in the baseline\n' + 'repository for your major version of CentOS, then updates from the CR\n' + 'repository will need to be applied in order to address the\n' + 'vulnerability.\n'; security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + cr_plugin_caveat ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "luci"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-1603.NASL description Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. (CVE-2013-4482) A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file. (CVE-2013-4481) These issues were discovered by Jan Pokorny of Red Hat. These updated luci packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All luci users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, the luci service will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 71008 published 2013-11-21 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71008 title RHEL 6 : luci (RHSA-2013:1603) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:1603. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(71008); script_version("1.15"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-4481", "CVE-2013-4482"); script_bugtraq_id(63854, 63859); script_xref(name:"RHSA", value:"2013:1603"); script_name(english:"RHEL 6 : luci (RHSA-2013:1603)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated luci packages that fix two security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Luci is a web-based high availability administration application. A flaw was found in the way the luci service was initialized. If a system administrator started the luci service from a directory that was writable to by a local user, that user could use this flaw to execute arbitrary code as the root or luci user. (CVE-2013-4482) A flaw was found in the way luci generated its configuration file. The file was created as world readable for a short period of time, allowing a local user to gain access to the authentication secrets stored in the configuration file. (CVE-2013-4481) These issues were discovered by Jan Pokorny of Red Hat. These updated luci packages include numerous bug fixes and two enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 6.5 Technical Notes, linked to in the References, for information on the most significant of these changes. All luci users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, the luci service will be restarted automatically." ); # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c6b506c4" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:1603" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4481" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-4482" ); script_set_attribute( attribute:"solution", value:"Update the affected luci and / or luci-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:luci"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:luci-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/11/23"); script_set_attribute(attribute:"patch_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:1603"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"luci-0.26.0-48.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"luci-0.26.0-48.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"i686", reference:"luci-debuginfo-0.26.0-48.el6")) flag++; if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"luci-debuginfo-0.26.0-48.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "luci / luci-debuginfo"); } }
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||
| rpms |
|