CVE-2013-4419
medium
CVSS v3
—
CVSS v2
6.8
VIR risk
6.8
Description
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4419
Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1016960
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2013-4419.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | fixed | 1:1.22.7-1 |
| debian | bullseye | fixed | 1:1.22.7-1 |
| debian | forky | fixed | 1:1.22.7-1 |
| debian | sid | fixed | 1:1.22.7-1 |
| debian | trixie | fixed | 1:1.22.7-1 |
| suse | 11.0 | affected | |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| libguestfs | libguestfs | {"startIncluding":"1.20.0","endIncluding":"1.20.12"} | |
| suse | suse_linux_enterprise_software_development_kit | 11.0 | |
References
- https://www.suse.com/security/cve/CVE-2013-4419.html
- http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2013-1536.html
- http://secunia.com/advisories/55813
- https://bugzilla.redhat.com/show_bug.cgi?id=1016960
- https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html
- https://security-tracker.debian.org/tracker/CVE-2013-4419
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.