OpenCVE

ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Ovirt	Ovirt-engine

Configuration 1 [-]

AND

cpe:2.3:a:ovirt:ovirt-engine:3.2:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://access.redhat.com/security/cve/cve-2013-4367
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367
https://nvd.nist.gov/vuln/detail/CVE-2013-4367
https://www.cve.org/CVERecord?id=CVE-2013-4367

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-01T17:20:45

Updated: 2024-08-06T16:38:01.926Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4367

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-11-01T18:15:11.393

Modified: 2024-11-21T01:55:26.147

Link: CVE-2013-4367

Redhat

Severity : Moderate

Publid Date: 2013-09-23T00:00:00Z

Links: CVE-2013-4367 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "ovirt-engine", "vendor": "ovirt-engine", "versions": [{"status": "affected", "version": "ovirt-engine 3.2 running on Linux kernel 3.1 and newer"}]}], "datePublic": "2013-09-24T00:00:00", "descriptions": [{"lang": "en", "value": "ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'."}], "problemTypes": [{"descriptions": [{"description": "Insecure Permissions", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-01T17:20:45", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/cve-2013-4367"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4367", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ovirt-engine", "version": {"version_data": [{"version_value": "ovirt-engine 3.2 running on Linux kernel 3.1 and newer"}]}}]}, "vendor_name": "ovirt-engine"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insecure Permissions"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367"}, {"name": "https://access.redhat.com/security/cve/cve-2013-4367", "refsource": "MISC", "url": "https://access.redhat.com/security/cve/cve-2013-4367"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:01.926Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/cve-2013-4367"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4367", "datePublished": "2019-11-01T17:20:45", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.926Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ovirt:ovirt-engine:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5598D7-58A0-4C01-8592-5E6A7A460D58", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3DFFE5A6-6A67-4992-84A3-C0F05FACDEAD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'."}, {"lang": "es", "value": "ovirt-engine versi\u00f3n 3.2, ejecutado sobre el kernel de Linux versiones 3.1 y posteriores, crea determinados archivos de tipo world-writeable debido a un cambio de kernel ascendente que impact\u00f3 c\u00f3mo opera la funci\u00f3n os.chmod() de python cuando pas\u00f3 a un modo de \"-1\"."}], "id": "CVE-2013-4367", "lastModified": "2024-11-21T01:55:26.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-01T18:15:11.393", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2013-4367"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/cve-2013-4367"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4367"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}