Lucene search

[email protected]CVE-2013-1922

HistoryMay 13, 2013 - 11:55 p.m.

CVE-2013-1922

2013-05-1323:55:01

CWE-264

[email protected]

web.nvd.nist.gov

qemu

qemu-nbd

local guest os

administrators

arbitrary files

security vulnerability

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.5%

JSON

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

Affected configurations

NVD

Node

xenxenMatch4.2.0

xenxenMatch4.2.1

xenxenMatch4.2.2

CPENameOperatorVersion
xen:xenxeneq4.2.0
xen:xenxeneq4.2.1
xen:xenxeneq4.2.2

CPE	Name	Operator	Version
xen:xen	xen	eq	4.2.0
xen:xen	xen	eq	4.2.1
xen:xen	xen	eq	4.2.2

References

lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html

secunia.com/advisories/55082

security.gentoo.org/glsa/glsa-201309-24.xml

www.openwall.com/lists/oss-security/2013/04/15/3

www.openwall.com/lists/oss-security/2013/04/16/2

www.securitytracker.com/id/1028426

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for CVE-2013-1922

prion3 ubuntucve3 nvd3 debiancve3 cvelist3 fedora21 xen1 nessus16 openvas51 freebsd1 cve2 veracode1 ubuntu2 redhat1 centos1 oraclelinux1 gentoo1