Description
Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-2013-1
Exploit x_refsource_confirm
https://bugs.launchpad.net/maas/+bug/1158425
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55567
Various Sources x_refsource_confirm
https://launchpad.net/maas/+milestone/13.10
Scores
EPSS
0.0059
EPSS Percentile
43.9%
Details
CWE
CWE-20
Status
published
Products (7)
canonical/maas
12.04.1
canonical/maas
12.04.2
canonical/maas
12.04.3
canonical/maas
< 12.04.4
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
12.10
canonical/ubuntu_linux
13.04
Published
Nov 18, 2013
Tracked Since
Feb 18, 2026