English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.123614
Category:Oracle Linux Local Security Checks
Title:Oracle: Security Advisory (ELSA-2013-0896)
Summary:The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2013-0896 advisory.
Description:Summary:
The remote host is missing an update for the 'qemu-kvm' package(s) announced via the ELSA-2013-0896 advisory.

Vulnerability Insight:
[0.12.1.2-2.355.el6_4.5]
- kvm-e1000-fix-link-down-handling-with-auto-negotiation.patch [bz#907716]
- kvm-e1000-unbreak-the-guest-network-when-migration-to-RH.patch [bz#907716]
- kvm-reimplement-error_setg-and-error_setg_errno-for-RHEL.patch [bz#957056]
- kvm-qga-set-umask-0077-when-daemonizing-CVE-2013-2007.patch [bz#957056]
- kvm-qga-distinguish-binary-modes-in-guest_file_open_mode.patch [bz#957056]
- kvm-qga-unlink-just-created-guest-file-if-fchmod-or-fdop.patch [bz#957056]
- Resolves: bz#907716
(use set_link to change rtl8139 and e1000 network card's status but fail to make effectively after reboot guest)
- Resolves: bz#957056
(CVE-2013-2007 qemu: guest agent creates files with insecure permissions in daemon mode [rhel-6.4.z])

[0.12.1.2-2.355.el6_4.4]
- kvm-virtio-balloon-fix-integer-overflow-in-BALLOON_CHANG.patch [bz#958750]
- Resolves: bz#958750
(QMP event shows incorrect balloon value when balloon size is grater than or equal to 4G)

Affected Software/OS:
'qemu-kvm' package(s) on Oracle Linux 6.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-2007
1028521
http://www.securitytracker.com/id/1028521
53325
http://secunia.com/advisories/53325
59675
http://www.securityfocus.com/bid/59675
93032
http://osvdb.org/93032
RHSA-2013:0791
http://rhn.redhat.com/errata/RHSA-2013-0791.html
RHSA-2013:0896
http://rhn.redhat.com/errata/RHSA-2013-0896.html
[oss-security] 20130506 Xen Security Advisory 51 (CVE-2013-2007) - qemu guest agent (qga) insecure file permissions
http://www.openwall.com/lists/oss-security/2013/05/06/5
http://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=c689b4f1bac352dcfd6ecb9a1d45337de0f1de67
https://bugzilla.redhat.com/show_bug.cgi?id=956082
openSUSE-SU-2013:1202
http://lists.opensuse.org/opensuse-updates/2013-07/msg00057.html
qemu-cve20132007-priv-esc(84047)
https://exchange.xforce.ibmcloud.com/vulnerabilities/84047
CopyrightCopyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.