Libguestfs
CVE-2013-4419
MEDIUM
Severity by source
AV:A/AC:H/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:A/AC:H/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
AnalysisAI
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary. Rated medium severity (CVSS 6.8).
Technical ContextAI
This vulnerability is classified under CWE-264. The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. Affected products include: Libguestfs, Suse Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Server.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Libguestfs
View allDouble free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote a
A vulnerability was found in libguestfs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, n
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file wi
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today