CVE-2013-2007
First published: Wed Apr 24 2013(Updated: )
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU qemu | =1.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
- http://osvdb.org/93032
- http://rhn.redhat.com/errata/RHSA-2013-0791.html
- http://rhn.redhat.com/errata/RHSA-2013-0896.html
- http://secunia.com/advisories/53325
- http://www.openwall.com/lists/oss-security/2013/05/06/5
- http://www.securityfocus.com/bid/59675
- http://www.securitytracker.com/id/1028521
- https://bugzilla.redhat.com/show_bug.cgi?id=956082
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84047
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=739402&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=739402&action=edit
- http://git.qemu.org/?p=qemu.git;a=commit;h=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=969455
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=969456
- https://rhn.redhat.com/errata/RHSA-2013-0896.html
- https://rhn.redhat.com/errata/RHSA-2013-0791.html
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/references
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2013-2007
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- agent/tags
- agent/trending
- vendor/qemu
- canonical/qemu qemu
- version/qemu qemu/1.4.1