PT-2013-3502 · Qemu+3 · Qemu+3

Laszlo Ersek

Published

2013-05-21

Updated

2024-06-15

CVE-2013-2007

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Qemu versions 1.4.1 and earlier

Description The issue concerns the qemu guest agent in Qemu, which is used by Xen. When the agent is started in daemon mode, it utilizes weak permissions for certain files. This weakness allows local users to read and write to these files.

Recommendations For Qemu versions 1.4.1 and earlier, consider restricting access to the affected files until a patch is available. As a temporary workaround, avoid running the qemu guest agent in daemon mode to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CESA-2013_0896

CVE-2013-2007

MGASA-2013-0169

OPENSUSE-SU-2024:10196-1

RHSA-2013:0896

RHSA-2013_0896

SUSE-SU-2013_1214-1

Affected Products

Centos

Qemu

Red Hat

Suse

PT-2013-3502 · Qemu+3 · Qemu+3

CVE-2013-2007

Weakness Enumeration

Related Identifiers

Affected Products

References · 158