Vulnerability in Openstack Neutron

CVE-2013-6433

The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.

EPSS: 0.016 (82.1th percentile) — read the EPSS interpretation.

Affected products

Openstack Neutron
Canonical Ubuntu_linux — versions 13.10, 14.04
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

59533 (x_refsource_SECUNIA, Third Party Advisory, third-party-advisory)
USN-2255-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
RHSA-2014:0516 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)