CVE-2013-2231

Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2013-1100.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1101.html	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=980757

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4.z:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-10-01 17:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-2231

Mitre link : CVE-2013-2231

CVE.ORG link : CVE-2013-2231

JSON object : View

Products Affected

microsoft

windows

redhat

enterprise_linux_server_supplementary
enterprise_linux
enterprise_linux_workstation_supplementary
enterprise_linux_desktop_supplementary

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2013-2231", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-01T17:55:03.413", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2013-1100.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-1101.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=980757", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "Unquoted Windows search path vulnerability in the QEMU Guest Agent service for Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, and Workstation Supplementary 6, when installing on Windows, allows local users to gain privileges via a crafted program in an unspecified folder."}, {"lang": "es", "value": "Vulnerabilidad de b\u00fasqueda de ruta Windows sin entrecomillar en el servicio QEMU GuestAgent para Red Hat Enterprise Linux Desktop 6, HPC Node 6, Server 6, Workstation 6, Desktop Supplementary 6, Server Supplementary 6, Supplementary AUS 6.4, Supplementary EUS 6.4.z, y Workstation Supplementary 6, al instalar Windows, permite a usuarios locales obtener privliegios a trav\u00e9s de un programa manipulado en un directorio no especificado."}], "lastModified": "2023-02-13T04:44:14.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B74C62D-4A6D-4A4F-ADF6-A508322CD447"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "163EBDEF-8776-4617-8940-5025E85748DC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.4.z:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37A78795-B6B0-4BB5-B3F0-674AFABA01D4"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}