ID CVE-2013-2231
Summary Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4.z:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 22-04-2019 - 17:48)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: LOCAL
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • bugzilla
    id 980757
    title CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhba:tst:20111656001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhba:tst:20111656002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20111656004
    • OR
      • AND
        • comment qemu-guest-agent is earlier than 2:0.12.1.2-2.355.el6_4.6
          oval oval:com.redhat.rhsa:tst:20131100011
        • comment qemu-guest-agent is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20121234008
      • AND
        • comment qemu-guest-agent-win32 is earlier than 2:0.12.1.2-2.355.el6_4.6
          oval oval:com.redhat.rhsa:tst:20131100013
        • comment qemu-guest-agent-win32 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130609014
      • AND
        • comment qemu-img is earlier than 2:0.12.1.2-2.355.el6_4.6
          oval oval:com.redhat.rhsa:tst:20131100007
        • comment qemu-img is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345008
      • AND
        • comment qemu-kvm is earlier than 2:0.12.1.2-2.355.el6_4.6
          oval oval:com.redhat.rhsa:tst:20131100005
        • comment qemu-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345006
      • AND
        • comment qemu-kvm-tools is earlier than 2:0.12.1.2-2.355.el6_4.6
          oval oval:com.redhat.rhsa:tst:20131100009
        • comment qemu-kvm-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110345010
    rhsa
    id RHSA-2013:1100
    released 2013-07-22
    severity Important
    title RHSA-2013:1100: qemu-kvm security update (Important)
  • rhsa
    id RHSA-2013:1101
rpms
  • qemu-guest-agent-2:0.12.1.2-2.355.el6_4.6
  • qemu-guest-agent-win32-2:0.12.1.2-2.355.el6_4.6
  • qemu-img-2:0.12.1.2-2.355.el6_4.6
  • qemu-kvm-2:0.12.1.2-2.355.el6_4.6
  • qemu-kvm-tools-2:0.12.1.2-2.355.el6_4.6
refmap via4
misc https://bugzilla.redhat.com/show_bug.cgi?id=980757
Last major update 22-04-2019 - 17:48
Published 01-10-2013 - 17:55