CVE-2013-1057

MAAS <13.10 - Code Injection

Title source: llm
STIX 2.1

Description

Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current working directory.

References (4)

Core 4
Core References
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-2013-1
Exploit x_refsource_confirm
https://bugs.launchpad.net/maas/+bug/1158425
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55567
Various Sources x_refsource_confirm
https://launchpad.net/maas/+milestone/13.10

Scores

EPSS 0.0059
EPSS Percentile 43.9%

Details

CWE
CWE-20
Status published
Products (7)
canonical/maas 12.04.1
canonical/maas 12.04.2
canonical/maas 12.04.3
canonical/maas < 12.04.4
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
canonical/ubuntu_linux 13.04
Published Nov 18, 2013
Tracked Since Feb 18, 2026