CVE-2012-2690
Summary
| CVE | CVE-2012-2690 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-06-29 19:55:00 UTC |
| Updated | 2017-08-29 01:31:00 UTC |
| Description | virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Libguestfs | Libguestfs | 1.16.0 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.1 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.10 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.11 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.12 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.13 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.14 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.15 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.16 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.17 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.18 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.19 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.2 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.20 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.21 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.22 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.23 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.24 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.25 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.26 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.3 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.4 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.5 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.6 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.7 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.8 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.9 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.0 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.1 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.10 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.11 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.12 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.13 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.14 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.15 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.16 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.17 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.18 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.19 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.2 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.20 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.21 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.22 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.23 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.24 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.25 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.26 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.27 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.28 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.29 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.3 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.30 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.31 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.32 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.33 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.34 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.35 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.36 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.37 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.38 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.39 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.4 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.40 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.41 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.42 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.5 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.6 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.7 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.8 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.9 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.0 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.1 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.10 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.11 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.12 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.13 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.14 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.15 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.16 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.17 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.18 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.19 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.2 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.20 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.21 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.22 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.23 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.24 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.25 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.26 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.3 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.4 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.5 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.6 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.7 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.8 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.16.9 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.0 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.1 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.10 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.11 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.12 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.13 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.14 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.15 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.16 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.17 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.18 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.19 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.2 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.20 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.21 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.22 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.23 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.24 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.25 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.26 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.27 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.28 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.29 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.3 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.30 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.31 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.32 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.33 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.34 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.35 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.36 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.37 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.38 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.39 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.4 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.40 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.41 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.42 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.5 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.6 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.7 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.8 | All | All | All |
| Application | Libguestfs | Libguestfs | 1.17.9 | All | All | All |
| Application | Libguestfs | Libguestfs | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [Libguestfs] [ANNOUNCE] libguestfs 1.18 released - tools for managing vi | MLIST | www.redhat.com | |
| Security Advisory SA49431 - libguestfs "virt-edit" File Permissions Security Issue - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| libguestfs File Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Security Advisory SA49545 - Red Hat update for libguestfs - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.