| ID |
CVE-2013-2231
|
| Summary |
Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4.z:*:*:*:*:*:*:*
-
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
-
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.2 (as of 13-02-2023 - 04:44) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-399 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| LOCAL |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
COMPLETE |
COMPLETE |
|
| cvss-vector
via4
|
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| redhat
via4
|
| advisories | | bugzilla | | id | 980757 | | title | CVE-2013-2231 qemu: qemu-ga win32 service unquoted search path |
| | oval | | OR | | comment | Red Hat Enterprise Linux must be installed | | oval | oval:com.redhat.rhba:tst:20070304026 |
| AND | | comment | Red Hat Enterprise Linux 6 is installed | | oval | oval:com.redhat.rhba:tst:20111656003 |
| OR | | AND | | comment | qemu-guest-agent is earlier than 2:0.12.1.2-2.355.el6_4.6 | | oval | oval:com.redhat.rhsa:tst:20131100001 |
| comment | qemu-guest-agent is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20121234002 |
|
| AND | | comment | qemu-guest-agent-win32 is earlier than 2:0.12.1.2-2.355.el6_4.6 | | oval | oval:com.redhat.rhsa:tst:20131100003 |
| comment | qemu-guest-agent-win32 is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20130609004 |
|
| AND | | comment | qemu-img is earlier than 2:0.12.1.2-2.355.el6_4.6 | | oval | oval:com.redhat.rhsa:tst:20131100005 |
| comment | qemu-img is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20110345002 |
|
| AND | | comment | qemu-kvm is earlier than 2:0.12.1.2-2.355.el6_4.6 | | oval | oval:com.redhat.rhsa:tst:20131100007 |
| comment | qemu-kvm is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20110345004 |
|
| AND | | comment | qemu-kvm-tools is earlier than 2:0.12.1.2-2.355.el6_4.6 | | oval | oval:com.redhat.rhsa:tst:20131100009 |
| comment | qemu-kvm-tools is signed with Red Hat redhatrelease2 key | | oval | oval:com.redhat.rhsa:tst:20110345006 |
|
|
|
|
| | rhsa | | id | RHSA-2013:1100 | | released | 2013-07-22 | | severity | Important | | title | RHSA-2013:1100: qemu-kvm security update (Important) |
|
| | rpms | - qemu-guest-agent-2:0.12.1.2-2.355.el6_4.6
- qemu-guest-agent-win32-2:0.12.1.2-2.355.el6_4.6
- qemu-img-2:0.12.1.2-2.355.el6_4.6
- qemu-kvm-2:0.12.1.2-2.355.el6_4.6
- qemu-kvm-debuginfo-2:0.12.1.2-2.355.el6_4.6
- qemu-kvm-tools-2:0.12.1.2-2.355.el6_4.6
- virtio-win-0:1.6.5-6.el6_4
|
|
| refmap
via4
|
|
| Last major update |
13-02-2023 - 04:44 |
| Published |
01-10-2013 - 17:55 |
| Last modified |
13-02-2023 - 04:44 |
