Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:libguestfs:libguestfs:1.22.5:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-4419 |
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. Published: November 05, 2013; 3:55:29 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |