CVE-2013-4419
libguestfs < 1.20.12 - Unauthenticated Remote Code Execution via Temporary Socket File
Title source: llmDescription
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1536.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/55813
Third Party Advisory mailing-list
x_refsource_mlist
https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html
Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1016960
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html
Scores
EPSS
0.0008
EPSS Percentile
24.0%
Details
CWE
CWE-264
Status
published
Products (3)
libguestfs/libguestfs
1.20.0 - 1.20.12
novell/suse_linux_enterprise_server
11.0 sp3
suse/suse_linux_enterprise_software_development_kit
11.0 sp3
Published
Nov 05, 2013
Tracked Since
Feb 18, 2026