CVE-2013-2007

high

Description

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/84047

https://bugzilla.redhat.com/show_bug.cgi?id=956082

http://www.securitytracker.com/id/1028521

http://www.securityfocus.com/bid/59675

http://www.openwall.com/lists/oss-security/2013/05/06/5

http://secunia.com/advisories/53325

http://rhn.redhat.com/errata/RHSA-2013-0896.html

http://rhn.redhat.com/errata/RHSA-2013-0791.html

http://osvdb.org/93032

http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html

http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67

Details

Source: Mitre, NVD

Published: 2013-05-21

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

Detections

Analytics