[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] FYI: CVE-2012-2690: virt-edit / guestfish edit didn't preserve permissions on edited files.



Old versions of both virt-edit and the guestfish "edit" command
created a new file containing the changes but did not set the
permissions, etc of the new file to match the old one.  The result of
this was that if you edited a security sensitive file such as
"/etc/shadow" then it would be left world-readable after the edit.

This issue was assigned CVE-2012-2690, and is fixed in
libguestfs >= 1.16.

For further information, see

https://bugzilla.redhat.com/show_bug.cgi?id=788642

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]