CVE-2013-2007

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
qemuqemu
1.4.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
saucy
not-affected
raring
ignored
quantal
dne
precise
dne
lucid
dne
qemu-kvm
saucy
dne
raring
dne
quantal
not-affected
precise
ignored
lucid
not-affected
xen
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
lucid
dne
xen-3.3
saucy
dne
raring
dne
quantal
dne
precise
dne
lucid
not-affected
Common Weakness Enumeration
References
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
http://osvdb.org/93032
http://rhn.redhat.com/errata/RHSA-2013-0791.html
http://rhn.redhat.com/errata/RHSA-2013-0896.html
http://secunia.com/advisories/53325
http://www.openwall.com/lists/oss-security/2013/05/06/5
http://www.securityfocus.com/bid/59675
http://www.securitytracker.com/id/1028521
https://bugzilla.redhat.com/show_bug.cgi?id=956082
https://exchange.xforce.ibmcloud.com/vulnerabilities/84047
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
http://osvdb.org/93032
http://rhn.redhat.com/errata/RHSA-2013-0791.html
http://rhn.redhat.com/errata/RHSA-2013-0896.html
http://secunia.com/advisories/53325
http://www.openwall.com/lists/oss-security/2013/05/06/5
http://www.securityfocus.com/bid/59675
http://www.securitytracker.com/id/1028521
https://bugzilla.redhat.com/show_bug.cgi?id=956082
https://exchange.xforce.ibmcloud.com/vulnerabilities/84047