CVE-2013-2007

Publication date 21 May 2013

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when started in daemon mode, uses weak permissions for certain files, which allows local users to read and write to these files.

Read the notes from the security team

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
qemu 13.10 saucy
Not affected
13.04 raring Ignored end of life
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release
qemu-kvm 13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal
Not affected
12.04 LTS precise Ignored
10.04 LTS lucid
Not affected
xen 13.10 saucy
Not affected
13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Not affected
10.04 LTS lucid Not in release
xen-3.3 13.10 saucy Not in release
13.04 raring Not in release
12.10 quantal Not in release
12.04 LTS precise Not in release
10.04 LTS lucid
Not affected

Notes

mdeslaur

qemu guest agent is shipped in qemu-kvm binary package in precise. It’s not built in quantal. It’s in the qemu-guest-agent package in raring+

seth-arnold

I didn’t see the qga.c or related files in xen-3.3 or xen packages

mdeslaur

although we shipped the guest agent in the precise qemu-kvm package, we did not ship any init script. Users of this tool are advised to configure it to creates files in directories with appropriate permissions. we will not be releasing an update for precise.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
qemu
qemu-kvm