CVE-2013-2007 Information

Description

The qemu guest agent in Qemu 1.4.1 and earlier as used by Xen when started in daemon mode uses weak permissions for certain files which allows local users to read and write to these files.

Reference

http://git.qemu.org/?p=qemu.git;a=commit;h=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67 http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html http://osvdb.org/93032 http://rhn.redhat.com/errata/RHSA-2013-0791.html http://rhn.redhat.com/errata/RHSA-2013-0896.html http://secunia.com/advisories/53325 http://www.openwall.com/lists/oss-security/2013/05/06/5 http://www.securityfocus.com/bid/59675 http://www.securitytracker.com/id/1028521 https://bugzilla.redhat.com/show_bug.cgi?id=956082 https://exchange.xforce.ibmcloud.com/vulnerabilities/84047