CVE-2013-4419 — Insecure Temporary File in Libguestfs

CWE-264 CWE-377 — Insecure Temporary File9 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 75.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libguestfs Novell Suse Linux Enterprise Server Suse Linux Enterprise Software Development KIT

Timeline

PublishedNov 5

Latest updateMay 14

Description

The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.

CVSS vector

AV:A/AC:H/C:C/I:C/A:CExploitability: 3.2 | Impact: 10.0

Affected Packages4 packages

▶Debianlibguestfs/libguestfs< 1:1.22.7-1+3

▶NVDlibguestfs/libguestfs1.20.0 — 1.20.12+1

▶NVDnovell/suse_linux_enterprise_server11.0

▶NVDsuse/suse_linux_enterprise_software_development_kit11.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-3vxx-8f6w-cpxp: The guestfish command in libguestfs 1↗2022-05-14

▶

OSV

CVE-2013-4419: The guestfish command in libguestfs 1↗2013-11-05

▶

CVEList

CVE-2013-4419: The guestfish command in libguestfs 1↗2013-11-05

▶

📋Vendor Advisories

Red Hat

libguestfs: insecure temporary directory handling for guestfish's network socket↗2013-10-17

▶

Debian

CVE-2013-4419: libguestfs - The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the...↗2013

▶

💬Community

Bugzilla

CVE-2013-4419 libguestfs: insecure temporary directory handling for guestfish's network socket [epel-5]↗2013-10-18

▶

Bugzilla

CVE-2013-4419 libguestfs: insecure temporary directory handling for guestfish's network socket [fedora-all]↗2013-10-17

▶

Bugzilla

CVE-2013-4419 libguestfs: insecure temporary directory handling for guestfish's network socket↗2013-10-09

▶