Detections
Analytics
Scientific Linux Security Update : libguestfs on SL6.x x86_64 (20120620)
low Nessus Plugin ID 61339
Language:
Synopsis
The remote Scientific Linux host is missing one or more security updates.Description
libguestfs is a library for accessing and modifying guest disk images.It was found that editing files with virt-edit left said files in a world-readable state (and did not preserve the file owner or Security-Enhanced Linux context). If an administrator on the host used virt-edit to edit a file inside a guest, the file would be left with world-readable permissions. This could lead to unprivileged guest users accessing files they would otherwise be unable to.
(CVE-2012-2690)
These updated libguestfs packages include numerous bug fixes and enhancements.
Users of libguestfs are advised to upgrade to these updated packages, which fix these issues and add these enhancements.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Low
ID: 61339
File Name: sl_20120620_libguestfs_on_SL6_x.nasl
Version: 1.5
Type: local
Agent: unix
Published: 8/1/2012
Updated: 1/14/2021
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.7
CVSS v2
Risk Factor: Low
Base Score: 2.1
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: p-cpe:/a:fermilab:scientific_linux:libguestfs, p-cpe:/a:fermilab:scientific_linux:libguestfs-debuginfo, p-cpe:/a:fermilab:scientific_linux:libguestfs-devel, p-cpe:/a:fermilab:scientific_linux:libguestfs-java, p-cpe:/a:fermilab:scientific_linux:libguestfs-java-devel, p-cpe:/a:fermilab:scientific_linux:libguestfs-javadoc, p-cpe:/a:fermilab:scientific_linux:libguestfs-tools, p-cpe:/a:fermilab:scientific_linux:libguestfs-tools-c, p-cpe:/a:fermilab:scientific_linux:ocaml-libguestfs, p-cpe:/a:fermilab:scientific_linux:ocaml-libguestfs-devel, p-cpe:/a:fermilab:scientific_linux:perl-sys-guestfs, p-cpe:/a:fermilab:scientific_linux:python-libguestfs, p-cpe:/a:fermilab:scientific_linux:ruby-libguestfs, x-cpe:/o:fermilab:scientific_linux
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Patch Publication Date: 6/20/2012
Vulnerability Publication Date: 6/29/2012
Reference Information
CVE: CVE-2012-2690