CVE-2013-2007 - OpenCVE

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Qemu	Qemu

Configuration 1 [-]

cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*

References

Link	Resource
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
http://osvdb.org/93032
http://rhn.redhat.com/errata/RHSA-2013-0791.html
http://rhn.redhat.com/errata/RHSA-2013-0896.html
http://secunia.com/advisories/53325	Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/05/06/5
http://www.securityfocus.com/bid/59675
http://www.securitytracker.com/id/1028521
https://bugzilla.redhat.com/show_bug.cgi?id=956082
https://exchange.xforce.ibmcloud.com/vulnerabilities/84047

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-05-21T18:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-2007

JSON object: View

NVD Information

Status : Modified

Published: 2013-05-21T18:55:02.623

Modified: 2023-02-13T04:42:39.310

Link: CVE-2013-2007

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-05-06T00:00:00", "descriptions": [{"lang": "en", "value": "The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2013:1202", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html"}, {"name": "93032", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/93032"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956082"}, {"name": "1028521", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1028521"}, {"name": "59675", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/59675"}, {"name": "[oss-security] 20130506 Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/05/06/5"}, {"name": "53325", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/53325"}, {"name": "qemu-cve20132007-priv-esc(84047)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84047"}, {"name": "RHSA-2013:0791", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0791.html"}, {"name": "RHSA-2013:0896", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-0896.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2007", "datePublished": "2013-05-21T18:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "59B3B915-1606-48E4-9EFC-BD9D6A6D404A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files."}, {"lang": "es", "value": "El agente qemu en en Qemu 1.4.1 y anteriores, usado por Xen, cuando se inicia en modo demonio, utiliza permisos d\u00e9biles para determinados archivos, lo que permite a usuarios locales leer y escribir sobre estos archivos."}], "id": "CVE-2013-2007", "lastModified": "2023-02-13T04:42:39.310", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-05-21T18:55:02.623", "references": [{"source": "secalert@redhat.com", "url": "http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/93032"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0791.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0896.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/53325"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/06/5"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/59675"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1028521"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=956082"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84047"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}