Launchpad.net

CVE 2012-2690

virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information.

Related bugs and status

CVE-2012-2690 (Candidate) is related to these bugs:

Bug #1012259: (CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)

		In	Importance	Status
1012259	(CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)	libguestfs (Ubuntu)	Undecided	Fix Released
1012259	(CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)	Gentoo Linux	Unknown	Unknown
1012259	(CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)	libguestfs (Fedora)	Low	Fix Released
1012259	(CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)	libguestfs (Ubuntu Precise)	Undecided	Won't Fix
1012259	(CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)	libguestfs (Ubuntu Quantal)	Undecided	Fix Released
1012259	(CVE-2012-2690) CVE-2012-2690 libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)	libguestfs (Ubuntu Raring)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-2690

Related bugs and status

Related bugs

References