PT-2013-6348 · Red Hat+2 · Libguestfs+3

Publicado

1970-01-01

Atualizado

2024-06-15

CVE-2013-4419

CVSS v2.0

6.8

Média

Vetor

AV:A/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libguestfs versions 1.20.12 and earlier libguestfs versions 1.22.7 and earlier

Description The issue affects the guestfish command in libguestfs, allowing local users to execute arbitrary commands by creating a temporary socket file in the /tmp/.guestfish-$UID/ directory. This can lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For libguestfs versions 1.20.12 and earlier, consider disabling the guestfish command until a patch is available. For libguestfs versions 1.22.7 and earlier, restrict access to the --remote and --listen options to minimize the risk of exploitation. Avoid using the --remote and --listen options in the affected guestfish command until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

BDU:2015-04344

BDU:2015-04345

BDU:2015-04346

BDU:2015-04347

BDU:2015-04348

CESA-2013_1536

CVE-2013-4419

OPENSUSE-SU-2024:10032-1

RHSA-2013:1536

RHSA-2013_1536

SUSE-SU-2013_1626-1

Produtos afetados

Centos

Red Hat

Suse

Libguestfs

PT-2013-6348 · Red Hat+2 · Libguestfs+3

CVE-2013-4419

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 34