Vulnerability Name: CVE-2012-2690 (CCN-76220)

Assigned: 2012-02-08
Published: 2012-02-08
Updated: 2017-08-29
Summary: virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
1.2 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N)
0.9 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None
Vulnerability Type: CWE-255
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2012-2690

Source: CCN
Type: libguestfs Web site
libguestfs

Source: CCN
Type: RHSA-2012-0774
Low: libguestfs security, bug fix, and enhancement update

Source: REDHAT
Type: UNKNOWN
RHSA-2012:0774

Source: CCN
Type: SA49431
libguestfs "virt-edit" File Permissions Security Issue

Source: SECUNIA
Type: Vendor Advisory
49431

Source: SECUNIA
Type: Vendor Advisory
49545

Source: CCN
Type: OSVDB ID: 82898
libguestfs virt-edit Utility File Editing Permission Weakness Local Information Disclosure

Source: BID
Type: UNKNOWN
53932

Source: CCN
Type: BID-53932
libguestfs File Information Disclosure Vulnerability

Source: CCN
Type: Red Hat Bugzilla Bug 788642
libguestfs: virt-edit doesn't preserve file permissions

Source: XF
Type: UNKNOWN
libguestfs-virtedit-info-disc(76220)

Source: MLIST
Type: UNKNOWN
[Libguestfs] 20120521 [ANNOUNCE] libguestfs 1.18 released - tools for managing virtual machines and disk images

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:libguestfs:libguestfs:1.16.0:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.1:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.2:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.3:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.4:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.5:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.6:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.7:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.8:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.9:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.10:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.11:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.12:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.13:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.14:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.15:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.16:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.17:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.18:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.19:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.20:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.21:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.22:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.23:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.24:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.25:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.16.26:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.0:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.1:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.2:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.3:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.4:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.5:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.6:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.7:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.8:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.9:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.10:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.11:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.12:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.13:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.14:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.15:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.16:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.17:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.18:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.19:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.20:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.21:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.22:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.23:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.24:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.25:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.26:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.27:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.28:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.29:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.30:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.31:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.32:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.33:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.34:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.35:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.36:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.37:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.38:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.39:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.40:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.41:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:1.17.42:*:*:*:*:*:*:*
  • OR cpe:/a:libguestfs:libguestfs:*:*:*:*:*:*:*:* (Version <= 1.17.43)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::computenode:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:libguestfs:libguestfs:1.16.4:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_hpc_node:6:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:23433 | P | ELSA-2012:0774: libguestfs security, bug fix, and enhancement update (Low) | 2014-05-26
oval:org.mitre.oval:def:21147 | P | RHSA-2012:0774: libguestfs security, bug fix, and enhancement update (Low) | 2014-02-24
oval:com.ubuntu.precise:def:20122690000 | V | CVE-2012-2690 on Ubuntu 12.04 LTS (precise) - low. | 2012-06-29
oval:com.ubuntu.trusty:def:20122690000 | V | CVE-2012-2690 on Ubuntu 14.04 LTS (trusty) - low. | 2012-06-29
oval:com.ubuntu.xenial:def:201226900000000 | V | CVE-2012-2690 on Ubuntu 16.04 LTS (xenial) - low. | 2012-06-29
oval:com.ubuntu.xenial:def:20122690000 | V | CVE-2012-2690 on Ubuntu 16.04 LTS (xenial) - low. | 2012-06-29
oval:com.redhat.rhsa:def:20120774 | P | RHSA-2012:0774: libguestfs security, bug fix, and enhancement update (Low) | 2012-06-20
    libguestfs libguestfs 1.16.0
    libguestfs libguestfs 1.16.1
    libguestfs libguestfs 1.16.2
    libguestfs libguestfs 1.16.3
    libguestfs libguestfs 1.16.4
    libguestfs libguestfs 1.16.5
    libguestfs libguestfs 1.16.6
    libguestfs libguestfs 1.16.7
    libguestfs libguestfs 1.16.8
    libguestfs libguestfs 1.16.9
    libguestfs libguestfs 1.16.10
    libguestfs libguestfs 1.16.11
    libguestfs libguestfs 1.16.12
    libguestfs libguestfs 1.16.13
    libguestfs libguestfs 1.16.14
    libguestfs libguestfs 1.16.15
    libguestfs libguestfs 1.16.16
    libguestfs libguestfs 1.16.17
    libguestfs libguestfs 1.16.18
    libguestfs libguestfs 1.16.19
    libguestfs libguestfs 1.16.20
    libguestfs libguestfs 1.16.21
    libguestfs libguestfs 1.16.22
    libguestfs libguestfs 1.16.23
    libguestfs libguestfs 1.16.24
    libguestfs libguestfs 1.16.25
    libguestfs libguestfs 1.16.26
    libguestfs libguestfs 1.17.0
    libguestfs libguestfs 1.17.1
    libguestfs libguestfs 1.17.2
    libguestfs libguestfs 1.17.3
    libguestfs libguestfs 1.17.4
    libguestfs libguestfs 1.17.5
    libguestfs libguestfs 1.17.6
    libguestfs libguestfs 1.17.7
    libguestfs libguestfs 1.17.8
    libguestfs libguestfs 1.17.9
    libguestfs libguestfs 1.17.10
    libguestfs libguestfs 1.17.11
    libguestfs libguestfs 1.17.12
    libguestfs libguestfs 1.17.13
    libguestfs libguestfs 1.17.14
    libguestfs libguestfs 1.17.15
    libguestfs libguestfs 1.17.16
    libguestfs libguestfs 1.17.17
    libguestfs libguestfs 1.17.18
    libguestfs libguestfs 1.17.19
    libguestfs libguestfs 1.17.20
    libguestfs libguestfs 1.17.21
    libguestfs libguestfs 1.17.22
    libguestfs libguestfs 1.17.23
    libguestfs libguestfs 1.17.24
    libguestfs libguestfs 1.17.25
    libguestfs libguestfs 1.17.26
    libguestfs libguestfs 1.17.27
    libguestfs libguestfs 1.17.28
    libguestfs libguestfs 1.17.29
    libguestfs libguestfs 1.17.30
    libguestfs libguestfs 1.17.31
    libguestfs libguestfs 1.17.32
    libguestfs libguestfs 1.17.33
    libguestfs libguestfs 1.17.34
    libguestfs libguestfs 1.17.35
    libguestfs libguestfs 1.17.36
    libguestfs libguestfs 1.17.37
    libguestfs libguestfs 1.17.38
    libguestfs libguestfs 1.17.39
    libguestfs libguestfs 1.17.40
    libguestfs libguestfs 1.17.41
    libguestfs libguestfs 1.17.42
    libguestfs libguestfs *
    libguestfs libguestfs 1.16.4
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6
    redhat enterprise linux hpc node 6