Lucene search

[email protected]CVE-2013-2007

HistoryMay 21, 2013 - 6:55 p.m.

CVE-2013-2007

2013-05-2118:55:02

CWE-264

[email protected]

web.nvd.nist.gov

qemu

guest agent

weak permissions

local users

file access

security vulnerability

cve-2013-2007

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

Affected configurations

NVD

Node

qemuqemuMatch1.4.1

CPENameOperatorVersion
qemu:qemuqemueq1.4.1

CPE	Name	Operator	Version
qemu:qemu	qemu	eq	1.4.1

References

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67

lists.opensuse.org/opensuse-updates/2013-07/msg00057.html

osvdb.org/93032

rhn.redhat.com/errata/RHSA-2013-0791.html

rhn.redhat.com/errata/RHSA-2013-0896.html

secunia.com/advisories/53325

www.openwall.com/lists/oss-security/2013/05/06/5

www.securityfocus.com/bid/59675

www.securitytracker.com/id/1028521

bugzilla.redhat.com/show_bug.cgi?id=956082

exchange.xforce.ibmcloud.com/vulnerabilities/84047

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2013-2007

nessus10 veracode1 cvelist1 centos1 openvas10 debiancve1 prion1 ubuntucve1 redhat2 nvd1 xen1 mageia1 oraclelinux1 fedora1