CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
5.1%
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
osvdb.org/93032
rhn.redhat.com/errata/RHSA-2013-0791.html
rhn.redhat.com/errata/RHSA-2013-0896.html
secunia.com/advisories/53325
www.openwall.com/lists/oss-security/2013/05/06/5
www.securityfocus.com/bid/59675
www.securitytracker.com/id/1028521
bugzilla.redhat.com/show_bug.cgi?id=956082
exchange.xforce.ibmcloud.com/vulnerabilities/84047