Lucene search

[email protected]NVD:CVE-2013-2007

HistoryMay 21, 2013 - 6:55 p.m.

CVE-2013-2007

2013-05-2118:55:02

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

Affected configurations

Nvd

Node

qemuqemuMatch1.4.1

VendorProductVersionCPE
qemuqemu1.4.1cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qemu	qemu	1.4.1	cpe:2.3:a:qemu:qemu:1.4.1:::::::*

References

git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67

lists.opensuse.org/opensuse-updates/2013-07/msg00057.html

osvdb.org/93032

rhn.redhat.com/errata/RHSA-2013-0791.html

rhn.redhat.com/errata/RHSA-2013-0896.html

secunia.com/advisories/53325

www.openwall.com/lists/oss-security/2013/05/06/5

www.securityfocus.com/bid/59675

www.securitytracker.com/id/1028521

bugzilla.redhat.com/show_bug.cgi?id=956082

exchange.xforce.ibmcloud.com/vulnerabilities/84047

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2013-2007

centos1 veracode1 openvas10 nessus10 cvelist1 debiancve1 redhat2 ubuntucve1 prion1 xen1 oraclelinux1 mageia1 cve1 fedora1 osv1