CVE-2013-2231 - OpenCVE

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Enterprise Linux Workstation Supplementary Enterprise Linux Server Supplementary Enterprise Linux Desktop Supplementary
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4.z:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-1100.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1101.html	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=980757

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-10-01T17:00:00Z

Updated: 2013-10-01T17:00:00Z

Reserved: 2013-02-19T00:00:00Z

Link: CVE-2013-2231

JSON object: View

NVD Information

Status : Modified

Published: 2013-10-01T17:55:03.413

Modified: 2023-02-13T04:44:14.470

Link: CVE-2013-2231

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B74C62D-4A6D-4A4F-ADF6-A508322CD447", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "163EBDEF-8776-4617-8940-5025E85748DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4.z:*:*:*:*:*:*:*", "matchCriteriaId": "37A78795-B6B0-4BB5-B3F0-674AFABA01D4", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta Windows sin entrecomillar en el servicio QEMU GuestAgent para Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, y Workstation Supplementary 6, al instalar Windows, permite a usuarios locales obtener privliegios a trav\u00e9s de un programa manipulado en un directorio no especificado."}], "id": "CVE-2013-2231", "lastModified": "2023-02-13T04:44:14.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-10-01T17:55:03.413", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1100.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1101.html"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=980757"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}