Rapid7 Vulnerability & Exploit Database

RHSA-2013:1101: virtio-win security update

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 07/22/2013
Created: 07/25/2018
Added: 07/24/2013
Modified: 07/04/2017

Description

The virtio-win package provides paravirtualized network drivers for most Microsoft Windows operating systems. Paravirtualized drivers are virtualization-aware drivers used by fully virtualized guests running on Red Hat Enterprise Linux.

An unquoted search path flaw was found in the way the QEMU Guest Agent service installation was performed on Windows. Depending on the permissions of the directories in the unquoted search path, a local, unprivileged user could use this flaw to have a binary of their choosing executed with SYSTEM privileges. (CVE-2013-2231)

This issue was discovered by Lev Veyde of Red Hat.

Users of virtio-win are advised to upgrade to this updated package, which corrects this issue.
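
A defender-side check for the flaw class described above, as an added example that is not Red Hat's or Rapid7's code: it flags service ImagePath values that are unquoted and contain a space, and lists the directories whose permissions determine exposure. The service names and paths are constructed samples, and the check assumes the executable ends in `.exe`.

```python
import re

# Constructed sample ImagePath values (hypothetical services, not from the advisory).
SAMPLE_SERVICES = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\agent\svc.exe -d --retry 3",
    "QuotedAgent": r'"C:\Program Files\Example Vendor\agent\svc.exe" -d',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
}

# Executable portion: everything up to the first ".exe" that ends a token.
_EXE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


def executable_part(image_path):
    """Return the unquoted executable path, or None if quoted or not an .exe."""
    value = image_path.strip()
    if value.startswith('"'):
        return None
    match = _EXE.match(value)
    return match.group(1) if match else None


def directories_to_audit(image_path):
    """Directories whose write permissions matter for an unquoted path.

    Windows resolves an unquoted path by trying each space-delimited prefix,
    so the parent directory of every such prefix must not be writable by
    unprivileged users. Returns [] when the path is not affected.
    """
    exe = executable_part(image_path)
    if exe is None or " " not in exe:
        return []
    dirs = []
    for i, ch in enumerate(exe):
        if ch == " ":
            parent = exe[: exe.rfind("\\", 0, i) + 1]
            if parent and parent not in dirs:
                dirs.append(parent)
    return dirs


def audit(services):
    """Map each affected service name to the directories that need an ACL review."""
    findings = {}
    for name, image_path in services.items():
        dirs = directories_to_audit(image_path)
        if dirs:
            findings[name] = dirs
    return findings
```

On a live host the ImagePath values would come from the service configuration instead of `SAMPLE_SERVICES`; spaces in the arguments after the executable do not trigger a finding.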

Solution(s)

  • redhat-upgrade-virtio-win
