CVE-2013-4419 — MEDIUM (6.8)

Q: How severe is CVE-2013-4419?

CVE-2013-4419 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4419?

Check the references section above for vendor advisories and patch information. Affected products include: Libguestfs Libguestfs, Suse Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Server.

Vulnerability Description

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.

CVSS Score

6.8

MEDIUM

AV:A/AC:H/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Libguestfs	Libguestfs	>= 1.20.0, <= 1.20.12
Suse	Suse Linux Enterprise Software Development Kit	11.0
Novell	Suse Linux Enterprise Server	11.0

Related Weaknesses (CWE)

CWE-264

References

http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1536.htmlThird Party Advisory
http://secunia.com/advisories/55813Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1016960PatchThird Party Advisory
https://www.redhat.com/archives/libguestfs/2013-October/msg00031.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2013-1536.htmlThird Party Advisory
http://secunia.com/advisories/55813Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1016960PatchThird Party Advisory
https://www.redhat.com/archives/libguestfs/2013-October/msg00031.htmlThird Party Advisory

FAQ

What is CVE-2013-4419?

CVE-2013-4419 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary s...

How severe is CVE-2013-4419?

CVE-2013-4419 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4419?

Check the references section above for vendor advisories and patch information. Affected products include: Libguestfs Libguestfs, Suse Suse Linux Enterprise Software Development Kit, Novell Suse Linux Enterprise Server.