PT-2013-6348 · Red Hat+2 · Libguestfs+3

Published

1970-01-01

Updated

2024-06-15

CVE-2013-4419

CVSS v2.0

6.8

Medium

Vector

AV:A/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libguestfs versions 1.20.12 and earlier libguestfs versions 1.22.7 and earlier

Description The issue affects the guestfish command in libguestfs, allowing local users to execute arbitrary commands by creating a temporary socket file in the /tmp/.guestfish-$UID/ directory. This can lead to a violation of confidentiality, integrity, and availability of protected information.

Recommendations For libguestfs versions 1.20.12 and earlier, consider disabling the guestfish command until a patch is available. For libguestfs versions 1.22.7 and earlier, restrict access to the --remote and --listen options to minimize the risk of exploitation. Avoid using the --remote and --listen options in the affected guestfish command until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2015-04344

BDU:2015-04345

BDU:2015-04346

BDU:2015-04347

BDU:2015-04348

CESA-2013_1536

CVE-2013-4419

OPENSUSE-SU-2024:10032-1

RHSA-2013:1536

RHSA-2013_1536

SUSE-SU-2013_1626-1

Affected Products

Centos

Red Hat

Suse

Libguestfs

PT-2013-6348 · Red Hat+2 · Libguestfs+3

CVE-2013-4419

Weakness Enumeration

Related Identifiers

Affected Products

References · 34