CVE-2013-4367 — Incorrect Permission Assignment in Ovirt-engine

CWE-732 — Incorrect Permission Assignment6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 71.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ovirt-engine Ovirt Ovirt-engine

Timeline

PublishedNov 1

Latest updateMay 5

Description

ovirt-engine 3.2 running on Linux kernel 3.1 and newer creates certain files world-writeable due to an upstream kernel change which impacted how python's os.chmod() works when passed a mode of '-1'.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDovirt/ovirt-engine3.2

▶CVEListV5ovirt-engine/ovirt-engineovirt-engine 3.2 running on Linux kernel 3.1 and newer

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-7rjr-g954-m9f4: ovirt-engine 3↗2022-05-05

▶

CVEList

CVE-2013-4367: ovirt-engine 3↗2019-11-01

▶

📋Vendor Advisories

Red Hat

ovirt-engine: some config files left world-writable due to improper use of os.chmod()↗2013-09-23

▶

💬Community

Bugzilla

CVE-2013-4367 ovirt-engine: some config files left world-writable due to improper use of os.chmod()↗2013-09-24

▶

Bugzilla

CVE-2013-4367 ovirt-engine: some config files left world-writable due to improper use of os.chmod() [fedora-all]↗2013-09-24

▶