CVE-2013-1069

Published: 13 February 2014

Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.

Priority

Status

Package	Release	Status
maas Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Released (1.2+bzr1373+dfsg-0ubuntu1~12.04.5)
	quantal	Released (1.2+bzr1373+dfsg-0ubuntu1.2)
	raring	Ignored (end of life)
	saucy	Released (1.4+bzr1693+dfsg-0ubuntu2.3)
	upstream	Pending

References

https://ubuntu.com/security/notices/USN-2105-1
https://www.cve.org/CVERecord?id=CVE-2013-1069
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/ubuntu/+source/maas/+bug/1254034

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›