CVE-2012-2690

virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/53932
http://secunia.com/advisories/49431	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-0774.html
http://secunia.com/advisories/49545	Vendor Advisory
https://www.redhat.com/archives/libguestfs/2012-May/msg00104.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/76220

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:libguestfs:libguestfs:1.17.39:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.38:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.31:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.30:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.23:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.22:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.21:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.14:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.13:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.6:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.5:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.29:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.15:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.37:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.23:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.36:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.17:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.22:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.3:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.9:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.7:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.20:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.25:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.12:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.11:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.16:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.4:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.14:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.19:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.28:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.0:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.8:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.24:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.35:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.10:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.42:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.8:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.13:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.3:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.9:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.34:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.11:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.12:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.6:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.16:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.17:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.32:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.10:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.25:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.2:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.4:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.26:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.41:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.2:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.0:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.20:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.33:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.26:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.19:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.7:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.17.18:::::::*
	cpe:2.3:a:libguestfs:libguestfs::::::::
	cpe:2.3:a:libguestfs:libguestfs:1.16.18:::::::*
	cpe:2.3:a:libguestfs:libguestfs:1.16.21:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.17.27:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.16.1:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.16.5:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.17.1:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.17.40:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.17.24:::::::*
cpe:2.3:a:libguestfs:libguestfs:1.17.15:::::::*

Information

Published : 2012-06-29 12:55

Updated : 2017-08-28 18:31

NVD link : CVE-2012-2690

Mitre link : CVE-2012-2690

JSON object : View

CWE

CWE-255

Credentials Management Errors

Products Affected

libguestfs

libguestfs

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/53932", "name": "53932", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/49431", "name": "49431", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0774.html", "name": "RHSA-2012:0774", "tags": [], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/49545", "name": "49545", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://www.redhat.com/archives/libguestfs/2012-May/msg00104.html", "name": "[Libguestfs] 20120521 [ANNOUNCE] libguestfs 1.18 released - tools for managing virtual machines and disk images", "tags": [], "refsource": "MLIST"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76220", "name": "libguestfs-virtedit-info-disc(76220)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-2690", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-06-29T19:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.17.43"}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.16.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:libguestfs:libguestfs:1.17.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:31Z"}

2.1 /10