Ubuntu 12.04 LTS / 12.10 / 13.10 : maas vulnerabilities (USN-2105-1)

Ubuntu Security Notice (C) 2014 Canonical, Inc. / NASL script (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote Ubuntu host is missing one or more security-related patches.

Description :

James Troup discovered that MAAS stored RabbitMQ authentication
credentials in a world-readable file. A local authenticated user could
read this password and potentially gain privileges of other user
accounts. This update restricts the file permissions to prevent
unintended access. (CVE-2013-1069)

Chris Glass discovered that the MAAS API was vulnerable to cross-site
scripting vulnerabilities. With cross-site scripting vulnerabilities,
if a user were tricked into viewing a specially crafted page, a remote
attacker could exploit this to modify the contents, or steal
confidential data, within the same domain. (CVE-2013-1070).

Solution :

Update the affected maas-region-controller and / or python-django-maas

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 72503 ()

Bugtraq ID: 65569

CVE ID: CVE-2013-1069