CVE-2013-2007

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
http://osvdb.org/93032
http://rhn.redhat.com/errata/RHSA-2013-0791.html
http://rhn.redhat.com/errata/RHSA-2013-0896.html
http://secunia.com/advisories/53325	Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/05/06/5
http://www.securityfocus.com/bid/59675
http://www.securitytracker.com/id/1028521
https://bugzilla.redhat.com/show_bug.cgi?id=956082
https://exchange.xforce.ibmcloud.com/vulnerabilities/84047
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
http://osvdb.org/93032
http://rhn.redhat.com/errata/RHSA-2013-0791.html
http://rhn.redhat.com/errata/RHSA-2013-0896.html
http://secunia.com/advisories/53325	Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/05/06/5
http://www.securityfocus.com/bid/59675
http://www.securitytracker.com/id/1028521
https://bugzilla.redhat.com/show_bug.cgi?id=956082
https://exchange.xforce.ibmcloud.com/vulnerabilities/84047

Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*

History

21 Nov 2024, 01:50

Type	Values Removed	Values Added
References	~~() http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67 -~~	() http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67 -
References	~~() http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html -~~	() http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html -
References	~~() http://osvdb.org/93032 -~~	() http://osvdb.org/93032 -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-0791.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-0791.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2013-0896.html -~~	() http://rhn.redhat.com/errata/RHSA-2013-0896.html -
References	~~() http://secunia.com/advisories/53325 - Vendor Advisory~~	() http://secunia.com/advisories/53325 - Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2013/05/06/5 -~~	() http://www.openwall.com/lists/oss-security/2013/05/06/5 -
References	~~() http://www.securityfocus.com/bid/59675 -~~	() http://www.securityfocus.com/bid/59675 -
References	~~() http://www.securitytracker.com/id/1028521 -~~	() http://www.securitytracker.com/id/1028521 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=956082 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=956082 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/84047 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/84047 -

Information

Published : 2013-05-21 18:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-2007

Mitre link : CVE-2013-2007

CVE.ORG link : CVE-2013-2007

JSON object : View

Products Affected

qemu

qemu

CWE

CWE-264

Permissions, Privileges, and Access Controls

6.9 /10