libguestfs is vulnerable to local arbitrary command execution. When guestfish is run with the --remote or --listen option, it uses a temporary socket file under /tmp/.guestfish-$UID/, but the ownership of that directory is not validated properly. A local attacker who creates /tmp/.guestfish-$UID/ in advance can therefore write to the socket and execute arbitrary commands in the context of the user running guestfish.
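The safe pattern for a per-user directory under a world-writable /tmp is to create it with a restrictive mode and then verify, via lstat (never stat), that the path is a real directory owned by the current user and inaccessible to group and others, refusing to use it otherwise. The following is an added example written for this page, not libguestfs or guestfish code; the function name ensure_private_dir and the return convention are assumptions.

```c
/* Added example (not libguestfs code): validate a per-user socket
 * directory so that a directory pre-created by another local user,
 * a planted symlink, or a group/world-accessible directory is
 * rejected instead of silently used. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 if `dir` is safe to hold a socket for `uid`, otherwise -1
 * with errno set (EPERM for ownership/permission policy failures).
 * Safe means: it is a real directory (not a symlink), it is owned by
 * uid, and it has no group or other permission bits. */
int ensure_private_dir(const char *dir, uid_t uid)
{
    struct stat st;

    /* Create with mode 0700 if it does not exist. EEXIST is not an
     * error by itself (the directory may be left over from an earlier
     * run), but it is exactly the state an attacker can force, so the
     * checks below run unconditionally. */
    if (mkdir(dir, 0700) == -1 && errno != EEXIST)
        return -1;

    /* lstat, not stat: a symlink planted at `dir` must be rejected,
     * not followed to wherever the attacker pointed it. */
    if (lstat(dir, &st) == -1)
        return -1;

    if (!S_ISDIR(st.st_mode)) {        /* symlink, file, fifo ... */
        errno = ENOTDIR;
        return -1;
    }
    if (st.st_uid != uid) {            /* pre-created by someone else */
        errno = EPERM;
        return -1;
    }
    if (st.st_mode & (S_IRWXG | S_IRWXO)) { /* others could reach the socket */
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Stand-alone usage: the same naming scheme as the advisory, with
     * the result of the check reported before any socket is created. */
    char dir[64];
    snprintf(dir, sizeof dir, "/tmp/.guestfish-%ld", (long)getuid());
    if (ensure_private_dir(dir, getuid()) == -1) {
        fprintf(stderr, "refusing to use %s: %s\n", dir, strerror(errno));
        return 1;
    }
    printf("%s is safe to use\n", dir);
    return 0;
}
```

The check deliberately happens after the mkdir rather than instead of it: a mkdir that returns EEXIST tells you nothing about who owns the existing directory, which is the gap the advisory describes.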
Affected CPE entries:

Name | Operator | Version
---|---|---
libguestfs | eq | 1.16.19__1.el6
libguestfs | eq | 1.7.17__26.el6
libguestfs | eq | 1.7.17__17.el6
libguestfs | eq | 1.2.7__1.24.el6
libguestfs | eq | 1.16.34__2.el6
lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html
rhn.redhat.com/errata/RHSA-2013-1536.html
secunia.com/advisories/55813
access.redhat.com/security/updates/classification/#moderate
access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.5_Technical_Notes/libguestfs.html#RHSA-2013-1536
bugzilla.redhat.com/show_bug.cgi?id=1000122
bugzilla.redhat.com/show_bug.cgi?id=1016960
bugzilla.redhat.com/show_bug.cgi?id=892291
bugzilla.redhat.com/show_bug.cgi?id=892834
bugzilla.redhat.com/show_bug.cgi?id=908255
bugzilla.redhat.com/show_bug.cgi?id=909666
bugzilla.redhat.com/show_bug.cgi?id=958183
bugzilla.redhat.com/show_bug.cgi?id=971207
bugzilla.redhat.com/show_bug.cgi?id=971326
bugzilla.redhat.com/show_bug.cgi?id=971664
bugzilla.redhat.com/show_bug.cgi?id=972413
bugzilla.redhat.com/show_bug.cgi?id=973425
bugzilla.redhat.com/show_bug.cgi?id=975377
bugzilla.redhat.com/show_bug.cgi?id=975572
bugzilla.redhat.com/show_bug.cgi?id=975753
bugzilla.redhat.com/show_bug.cgi?id=975760
bugzilla.redhat.com/show_bug.cgi?id=980358
bugzilla.redhat.com/show_bug.cgi?id=980372
bugzilla.redhat.com/show_bug.cgi?id=980502
bugzilla.redhat.com/show_bug.cgi?id=983690
bugzilla.redhat.com/show_bug.cgi?id=985269
bugzilla.redhat.com/show_bug.cgi?id=988863
bugzilla.redhat.com/show_bug.cgi?id=989352
bugzilla.redhat.com/show_bug.cgi?id=996039
bugzilla.redhat.com/show_bug.cgi?id=997884
bugzilla.redhat.com/show_bug.cgi?id=998108
www.redhat.com/archives/libguestfs/2013-October/msg00031.html