Vulnerability Details: CVE-2013-2007
The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
Exploit prediction scoring system (EPSS) score for CVE-2013-2007
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2013-2007
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST |
CWE ids for CVE-2013-2007
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-2007
- http://www.securitytracker.com/id/1028521
  Xen Qemu Guest Agent Insecure File Permissions Lets Local Users Gain Elevated Privileges - SecurityTracker
- https://bugzilla.redhat.com/show_bug.cgi?id=956082
  956082 – (CVE-2013-2007) CVE-2013-2007 qemu: guest agent creates files with insecure permissions in deamon mode
- http://www.securityfocus.com/bid/59675
  QEMU Guest Agent CVE-2013-2007 Insecure File Permissions Vulnerability
- http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
  QEMU · GitLab
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
  openSUSE-SU-2013:1202-1: moderate: qemu
- http://rhn.redhat.com/errata/RHSA-2013-0791.html
  RHSA-2013:0791 - Security Advisory - Red Hat Customer Portal
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84047
  Qemu privilege escalation CVE-2013-2007 Vulnerability Report
- http://rhn.redhat.com/errata/RHSA-2013-0896.html
  RHSA-2013:0896 - Security Advisory - Red Hat Customer Portal
- http://www.openwall.com/lists/oss-security/2013/05/06/5
  oss-security - Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions
Products affected by CVE-2013-2007
- cpe:2.3:a:qemu:qemu:1.4.1:*:*:*:*:*:*:*