An unquoted search path flaw was found in the way qemu guest agent service for Windows was installed into the system. A local unprivileged user could use this flaw to increase their privileges. References: http://cwe.mitre.org/data/definitions/428.html Acknowledgements: This issue was discovered by Lev Veyde of Red Hat.
Statement: This issue does not affect the kvm package as shipped with Red Hat Enterprise Linux 5. This issue does not affect the xen package as shipped with Red Hat Enterprise Linux 5. This issue does affect the qemu-kvm package as shipped with Red Hat Enterprise Linux 6. Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw.
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 986943]
Created attachment 776902 [details] Proposed upstream patch
This issue has been addressed in following products: Supplementary for Red Hat Enterprise Linux 6 Via RHSA-2013:1101 https://rhn.redhat.com/errata/RHSA-2013-1101.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:1100 https://rhn.redhat.com/errata/RHSA-2013-1100.html