CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
5.1%
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when
started in daemon mode, uses weak permissions for certain files, which
allows local users to read and write to these files.
Author | Note |
---|---|
mdeslaur | qemu guest agent is shipped in qemu-kvm binary package in precise. It’s not built in quantal. It’s in the qemu-guest-agent package in raring+ |
seth-arnold | I didn’t see the qga.c or related files in xen-3.3 or xen packages |
mdeslaur | although we shipped the guest agent in the precise qemu-kvm package, we did not ship any init script. Users of this tool are advised to configure it to creates files in directories with appropriate permissions. we will not be releasing an update for precise. |
osvdb.org/93032
secunia.com/advisories/53325
www.openwall.com/lists/oss-security/2013/05/06/5
www.securitytracker.com/id/1028521
xforce.iss.net/xforce/xfdb/84047
launchpad.net/bugs/cve/CVE-2013-2007
nvd.nist.gov/vuln/detail/CVE-2013-2007
security-tracker.debian.org/tracker/CVE-2013-2007
www.cve.org/CVERecord?id=CVE-2013-2007