CVE 2017-9232
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
Related bugs and status
CVE-2017-9232 (Candidate) is related to these bugs:
Bug #1682411: juju-run unit root escalation vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1682411 | juju-run unit root escalation vulnerability | Canonical Juju | Critical | Fix Released
1682411 | juju-run unit root escalation vulnerability | juju (Ubuntu) | Undecided | Invalid
1682411 | juju-run unit root escalation vulnerability | juju-core (Ubuntu) | Undecided | Fix Released
1682411 | juju-run unit root escalation vulnerability | juju-core-1 (Ubuntu) | Undecided | Fix Released
1682411 | juju-run unit root escalation vulnerability | Canonical Juju 2.0 | Critical | Fix Released
1682411 | juju-run unit root escalation vulnerability | Canonical Juju 2.1 | Critical | Fix Released
1682411 | juju-run unit root escalation vulnerability | Canonical Juju 2.2 | Critical | Fix Released
1682411 | juju-run unit root escalation vulnerability | juju-core | Critical | Fix Released
1682411 | juju-run unit root escalation vulnerability | juju-core 1.25 | Critical | Fix Released
Bug #1718213: [SRU] Juju 2.3.1
Bug | Summary | In | Importance | Status
---|---|---|---|---
1718213 | [SRU] Juju 2.3.1 | juju-core (Ubuntu) | Undecided | Invalid
1718213 | [SRU] Juju 2.3.1 | juju-core (Ubuntu Xenial) | Undecided | Fix Released
1718213 | [SRU] Juju 2.3.1 | juju-core (Ubuntu Zesty) | Undecided | Fix Released
Bug #1727355: Juju attempts to bootstrap bionic by default
Bug | Summary | In | Importance | Status
---|---|---|---|---
1727355 | Juju attempts to bootstrap bionic by default | Canonical Juju | Critical | Fix Released
1727355 | Juju attempts to bootstrap bionic by default | distro-info-data (Ubuntu) | High | Won't Fix
1727355 | Juju attempts to bootstrap bionic by default | distro-info-data (Ubuntu Xenial) | High | Fix Released
1727355 | Juju attempts to bootstrap bionic by default | distro-info-data (Ubuntu Trusty) | High | Won't Fix
1727355 | Juju attempts to bootstrap bionic by default | distro-info-data (Ubuntu Artful) | Undecided | Won't Fix
1727355 | Juju attempts to bootstrap bionic by default | distro-info-data (Ubuntu Zesty) | High | Fix Released
1727355 | Juju attempts to bootstrap bionic by default | juju-core (Ubuntu) | Undecided | Invalid
1727355 | Juju attempts to bootstrap bionic by default | juju-core (Ubuntu Artful) | Undecided | Invalid
1727355 | Juju attempts to bootstrap bionic by default | juju-core (Ubuntu Trusty) | Undecided | Invalid
1727355 | Juju attempts to bootstrap bionic by default | juju-core (Ubuntu Xenial) | Undecided | Fix Released
1727355 | Juju attempts to bootstrap bionic by default | juju-core (Ubuntu Zesty) | Undecided | Fix Released
1727355 | Juju attempts to bootstrap bionic by default | juju-core | Undecided | Won't Fix
See the CVE page on Mitre.org for more details.