971171 – (CVE-2013-2151) CVE-2013-2151 rhevm: rhev agent service unquoted search path

Bug 971171 (CVE-2013-2151) - CVE-2013-2151 rhevm: rhev agent service unquoted search path

Summary: CVE-2013-2151 rhevm: rhev agent service unquoted search path

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2013-2151
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	918635
Blocks:	971173 971177
TreeView+	depends on / blocked

Reported:	2013-06-05 21:27 UTC by Petr Matousek
Modified:	2019-09-29 13:05 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-06-11 07:08:03 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0925	0	normal	SHIPPED_LIVE	Important: rhev-guest-tools-iso security and bug fix update	2013-06-11 00:35:30 UTC

Description Petr Matousek 2013-06-05 21:27:16 UTC

An unquoted search path flaw was found in the way RHEV Agent for Windows was installed into the system.

A local unprivileged user could use this flaw to increase their privileges.

References:

http://cwe.mitre.org/data/definitions/428.html

Comment 2 errata-xmlrpc 2013-06-10 20:51:45 UTC

This issue has been addressed in following products:

  RHEV Manager version 3.2

Via RHSA-2013:0925 https://rhn.redhat.com/errata/RHSA-2013-0925.html

Note You need to log in before you can comment on or make changes to this bug.