CVE-2013-4419 | Date: (C)2013-11-10 (M)2023-12-22 |
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
CVSS Score and Metrics +CVSS Score and Metrics -CVSS V2 Severity: |
CVSS Score : 6.8 |
Exploit Score: 3.2 |
Impact Score: 10.0 |
|
CVSS V2 Metrics: |
Access Vector: ADJACENT_NETWORK |
Access Complexity: HIGH |
Authentication: NONE |
Confidentiality: COMPLETE |
Integrity: COMPLETE |
Availability: COMPLETE |
| |