-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2013-2007 / XSA-51 version 2 qemu guest agent (qga) insecure file permissions UPDATES IN VERSION 2 ==================== Public release. ISSUE DESCRIPTION ================= The qemu guest agent creates files with insecure permissions when started in daemon mode. IMPACT ====== The qemu guest agent is not used by default in Xen systems. If it is used in a particular guest, unprivileged guest processes might be able to escalate their privilege to that of the guest. VULNERABLE SYSTEMS ================== We are not aware of any Xen installations using the qemu guest agent. However, the program is built and installed (as the executable `qemu-ga') as part of the Xen management tools by the Xen build system. It is possible that a system administrator, or downstream system integrator, might have arranged to execute qemu-ga. If you have not taken steps to run qemu-ga, you are not vulnerable. MITIGATION ========== Disabling the guest agent will eliminate the vulnerability. RESOLUTION ========== Patches to resolve this problem are available from the upstream qemu project via the usual channels. The Xen Project Security Team do not intend to provide or distribute patches for this vulnerability. DETAILS ======= At the time of writing the information we have about this vulnerability is as follows: Subject: [PATCH] qga: set umask 0077 when daemonizing (CVE-2013-2007) The qemu guest agent creates a bunch of files with insecure permissions when started in daemon mode. For example: -rw-rw-rw- 1 root root /var/log/qemu-ga.log -rw-rw-rw- 1 root root /var/run/qga.state -rw-rw-rw- 1 root root /var/log/qga-fsfreeze-hook.log In addition, at least all files created with the "guest-file-open" QMP command, and all files created with shell output redirection (or otherwise) by utilities invoked by the fsfreeze hook script are affected. ... For authoritative further information, and patches, please refer to the information provided by the qemu upstream project. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRiB3/AAoJEIP+FMlX6CvZq5wH/3Jsx5JbsgRtpnKYFBzz/zg/ Lps97aIflPh13FoyXi12eImErF6xBHzhca21Sh15m039hxmkW4ehTD/jPGyVLR8D d6rlN5GXHqBLhZWRFESQowRgyLZ1rgOUR5feqYFf8lzP7U+jP+qcZoKj+Rplx52n EFuD+hBFxq1wpnja2hvBfFDTChO6SncV4EO5MSjH4bnSLVrmdarLFtfpKd4A61f1 zn7xkk0+uua1EJScMtydmhfoiCK/6KIg1YjnQ36i7wekkc14p2Nvmu0UGvR4Rf2y y2UDB/7shCieedhV3BHWezIx4CMPLHtWHJZSvgBQzkVzUkz67NiblzhHCSv9FkU= =Nsga -----END PGP SIGNATURE-----