PT-2013-3502 · Qemu+3 · Qemu+3

Laszlo Ersek

Publicado

2013-05-21

Atualizado

2024-06-15

CVE-2013-2007

CVSS v2.0

6.9

Média

Vetor

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Qemu versions 1.4.1 and earlier

Description The issue concerns the qemu guest agent in Qemu, which is used by Xen. When the agent is started in daemon mode, it utilizes weak permissions for certain files. This weakness allows local users to read and write to these files.

Recommendations For Qemu versions 1.4.1 and earlier, consider restricting access to the affected files until a patch is available. As a temporary workaround, avoid running the qemu guest agent in daemon mode to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CESA-2013_0896

CVE-2013-2007

MGASA-2013-0169

OPENSUSE-SU-2024:10196-1

RHSA-2013:0896

RHSA-2013_0896

SUSE-SU-2013_1214-1

Produtos afetados

Centos

Qemu

Red Hat

Suse

PT-2013-3502 · Qemu+3 · Qemu+3

CVE-2013-2007

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 158