CVE-2013-1766 : libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files

libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.

Published 2013-03-20 15:55:01

Updated 2013-03-21 16:34:13

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-1766

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-1766

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.6	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-1766

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-1766

http://www.debian.org/security/2013/dsa-2650

Debian -- Security Information -- DSA-2650-2 libvirt
http://www.securityfocus.com/bid/58178

libvirt CVE-2013-1766 Local Security Bypass Vulnerability

Products affected by CVE-2013-1766

Redhat » Libvirt
Versions up to, including, (<=) 1.0.2
cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.8
cpe:2.3:a:redhat:libvirt:0.8.8:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.2
cpe:2.3:a:redhat:libvirt:0.8.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.1
cpe:2.3:a:redhat:libvirt:0.8.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.2
cpe:2.3:a:redhat:libvirt:0.7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.1
cpe:2.3:a:redhat:libvirt:0.7.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.0
cpe:2.3:a:redhat:libvirt:0.1.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.1
cpe:2.3:a:redhat:libvirt:0.1.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.9
cpe:2.3:a:redhat:libvirt:0.1.9:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.2.0
cpe:2.3:a:redhat:libvirt:0.2.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.3.3
cpe:2.3:a:redhat:libvirt:0.3.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.0
cpe:2.3:a:redhat:libvirt:0.4.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.5.1
cpe:2.3:a:redhat:libvirt:0.5.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.0
cpe:2.3:a:redhat:libvirt:0.6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.7
cpe:2.3:a:redhat:libvirt:0.8.7:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.0
cpe:2.3:a:redhat:libvirt:0.8.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.7
cpe:2.3:a:redhat:libvirt:0.7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.0
cpe:2.3:a:redhat:libvirt:0.7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.1
cpe:2.3:a:redhat:libvirt:0.0.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.3
cpe:2.3:a:redhat:libvirt:0.1.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.4
cpe:2.3:a:redhat:libvirt:0.1.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.2.1
cpe:2.3:a:redhat:libvirt:0.2.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.2.2
cpe:2.3:a:redhat:libvirt:0.2.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.1
cpe:2.3:a:redhat:libvirt:0.4.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.2
cpe:2.3:a:redhat:libvirt:0.4.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.3
cpe:2.3:a:redhat:libvirt:0.4.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.1
cpe:2.3:a:redhat:libvirt:0.6.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.2
cpe:2.3:a:redhat:libvirt:0.6.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.6
cpe:2.3:a:redhat:libvirt:0.8.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.5
cpe:2.3:a:redhat:libvirt:0.8.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.6
cpe:2.3:a:redhat:libvirt:0.7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.5
cpe:2.3:a:redhat:libvirt:0.7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.2
cpe:2.3:a:redhat:libvirt:0.0.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.3
cpe:2.3:a:redhat:libvirt:0.0.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.4
cpe:2.3:a:redhat:libvirt:0.0.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.5
cpe:2.3:a:redhat:libvirt:0.1.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.6
cpe:2.3:a:redhat:libvirt:0.1.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.2.3
cpe:2.3:a:redhat:libvirt:0.2.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.3.0
cpe:2.3:a:redhat:libvirt:0.3.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.4
cpe:2.3:a:redhat:libvirt:0.4.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.5
cpe:2.3:a:redhat:libvirt:0.4.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.3
cpe:2.3:a:redhat:libvirt:0.6.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.4
cpe:2.3:a:redhat:libvirt:0.6.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.4
cpe:2.3:a:redhat:libvirt:0.8.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.8.3
cpe:2.3:a:redhat:libvirt:0.8.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.4
cpe:2.3:a:redhat:libvirt:0.7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.7.3
cpe:2.3:a:redhat:libvirt:0.7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.5
cpe:2.3:a:redhat:libvirt:0.0.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.0.6
cpe:2.3:a:redhat:libvirt:0.0.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.7
cpe:2.3:a:redhat:libvirt:0.1.7:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.1.8
cpe:2.3:a:redhat:libvirt:0.1.8:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.3.1
cpe:2.3:a:redhat:libvirt:0.3.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.3.2
cpe:2.3:a:redhat:libvirt:0.3.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.4.6
cpe:2.3:a:redhat:libvirt:0.4.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.5.0
cpe:2.3:a:redhat:libvirt:0.5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.6.5
cpe:2.3:a:redhat:libvirt:0.6.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.1
cpe:2.3:a:redhat:libvirt:0.9.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.0
cpe:2.3:a:redhat:libvirt:0.9.0:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.8
cpe:2.3:a:redhat:libvirt:0.9.8:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.6
cpe:2.3:a:redhat:libvirt:0.9.6:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.5
cpe:2.3:a:redhat:libvirt:0.9.5:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.7
cpe:2.3:a:redhat:libvirt:0.9.7:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.10
cpe:2.3:a:redhat:libvirt:0.9.10:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.9
cpe:2.3:a:redhat:libvirt:0.9.9:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.2
cpe:2.3:a:redhat:libvirt:0.9.2:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.4
cpe:2.3:a:redhat:libvirt:0.9.4:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.3
cpe:2.3:a:redhat:libvirt:0.9.3:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.13
cpe:2.3:a:redhat:libvirt:0.9.13:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.12
cpe:2.3:a:redhat:libvirt:0.9.12:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 0.9.11
cpe:2.3:a:redhat:libvirt:0.9.11:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 1.0.1
cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*
Matching versions
Redhat » Libvirt » Version: 1.0.0
cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-1766

Exploit prediction scoring system (EPSS) score for CVE-2013-1766

CVSS scores for CVE-2013-1766

CWE ids for CVE-2013-1766

References for CVE-2013-1766

Products affected by CVE-2013-1766