[v2.6] qemu CVE-2013-2007: guest agent creates files with insecure permissions in daemon mode
references:
http://www.openwall.com/lists/oss-security/2013/05/06/5
https://bugzilla.redhat.com/show_bug.cgi?id=956082#c6
upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
DESCRIPTION
The upstream qemu guest agent creates files with insecure permissions when started in daemon mode, which could potentially lead to local privilege escalation.
The Red Hat Enterprise Linux 6 qemu-ga, when started in daemon mode,
creates world-writable logfiles in /var/log/, allowing anyone on the
system to wipe the contents of the log file or to store data within the
log file. An unprivileged guest user could use this flaw to consume all
free space on the partition with the qemu-ga log file, or modify the
contents of the log. When a UNIX domain socket transport was explicitly
configured to be used (non-default), an unprivileged guest user could
potentially use this flaw to escalate their privileges in the guest.
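The following C program is an added example, not QEMU code or part of the original report. It shows how a file created with fopen() ends up world-writable when the creating process runs with umask 0, and owner-only with umask 0077. It assumes the permissive mode comes from a daemon clearing its umask; the temp directory, the file name agent.log and both helper functions are constructed for illustration.

```c
/* Added example, not QEMU source: compare the mode of a log file created
 * with fopen() under umask 0 and under umask 0077. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Create "agent.log" (constructed name) in a fresh private temp directory
 * under the given umask; return its permission bits, or -1 on error. */
static int mode_created_under(mode_t mask)
{
    char dir[] = "/tmp/qga-umask-demo-XXXXXX";
    char path[64];
    struct stat st;
    int mode = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/agent.log", dir);

    mode_t saved = umask(mask);
    FILE *log = fopen(path, "a");   /* fopen() asks for 0666 & ~umask */
    umask(saved);

    if (log != NULL) {
        if (stat(path, &st) == 0)
            mode = st.st_mode & 0777;
        fclose(log);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

/* Audit check: can anyone other than the owner write to the file? */
static int writable_by_non_owner(int mode)
{
    return mode >= 0 && (mode & (S_IWGRP | S_IWOTH)) != 0;
}

int main(void)
{
    int loose = mode_created_under(0);      /* daemon cleared its umask */
    int tight = mode_created_under(0077);   /* restrictive umask */

    printf("umask 0000: %04o non-owner-writable=%d\n", loose, writable_by_non_owner(loose));
    printf("umask 0077: %04o non-owner-writable=%d\n", tight, writable_by_non_owner(tight));
    return (loose == 0666 && tight == 0600) ? 0 : 1;
}
```

The same mode-bit check applies to any socket or pid file the daemon creates, since those are subject to the process umask as well.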
Acknowledgements:
This issue was discovered by Laszlo Ersek of Red Hat.
(from redmine: issue id 2060, created on 2013-06-03, closed on 2013-06-06)
- Relations:
- parent #2059 (closed)
- Changesets:
- Revision 3fe8d5a2 by Natanael Copa on 2013-06-04T10:53:28Z:
main/qemu: security upgrade to 1.4.2 (CVE-2013-2007)
fixes #2060