Lucene search

[email protected]CVE-2013-1922

HistoryMay 13, 2013 - 11:55 p.m.

CVE-2013-1922

2013-05-1323:55:00

CWE-264

[email protected]

web.nvd.nist.gov

qemu

qemu-nbd

local guest os

administrators

arbitrary files

security vulnerability

5.9 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

26.0%

JSON

qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.

CPENameOperatorVersion
xen:xenxeneq4.2.2
xen:xenxeneq4.2.0
xen:xenxeneq4.2.1

CPE	Name	Operator	Version
xen:xen	xen	eq	4.2.2
xen:xen	xen	eq	4.2.0
xen:xen	xen	eq	4.2.1

References

lists.fedoraproject.org/pipermail/package-announce/2013-April/103621.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/103637.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/104036.html

secunia.com/advisories/55082

security.gentoo.org/glsa/glsa-201309-24.xml

www.openwall.com/lists/oss-security/2013/04/15/3

www.openwall.com/lists/oss-security/2013/04/16/2

www.securitytracker.com/id/1028426

5.9 Medium

AI Score

Confidence

Low

3.3 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

26.0%

JSON

Related for CVE-2013-1922

debiancve3 ubuntucve3 prion3 nessus16 fedora21 xen1 openvas51 freebsd1 cvelist2 cve2 veracode1 ubuntu2 redhat1 centos1 oraclelinux1 gentoo1