CVE-2022-2211 – libguestfs: Buffer overflow in get_keys leads to DoS
https://notcve.org/view.php?id=CVE-2022-2211
A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor. Se ha encontrado una vulnerabilidad en libguestfs. Este problema es producido al calcular el mayor número posible de claves coincidentes en la función get_keys(). • https://access.redhat.com/security/cve/CVE-2022-2211 https://bugzilla.redhat.com/show_bug.cgi?id=2100862 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2013-2124
https://notcve.org/view.php?id=CVE-2013-2124
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. Vulnerabilidad de doble liberación en inspect-fs.c en LibguestFS 1.20.x anterior a 1.20.7, 1.21.x, 1.22.0 y 1.23.0 permite a atacantes remotos causar una denegación de servicio (caída) a través de archivos de invitados vacíos. • http://osvdb.org/93724 http://seclists.org/oss-sec/2013/q2/431 http://www.securityfocus.com/bid/60205 https://exchange.xforce.ibmcloud.com/vulnerabilities/85145 https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html •
CVE-2013-4419 – libguestfs: insecure temporary directory handling for guestfish's network socket
https://notcve.org/view.php?id=CVE-2013-4419
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. El comando guestfish en libguestfs 1.20.12, 1.22.7 y anteriores versiones, cuando se usa la opción --remote o --listen, no comprueba adecuadamente la propiedad de /tmp/.guestfish-$UID/ al crear un archivo de socket temporal en este directorio, lo que permite a usuarios locales escribir en el socket y ejecutar comandos arbitrarios mediante la creación de /tmp/.guestfish-$UID/ por adelantado. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html http://rhn.redhat.com/errata/RHSA-2013-1536.html http://secunia.com/advisories/55813 https://bugzilla.redhat.com/show_bug.cgi?id=1016960 https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html https://access.redhat.com/security/cve/CVE-2013-4419 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •
CVE-2012-2690 – libguestfs: virt-edit creates a new file, when it is used leading to loss of file attributes (permissions, owner, SELinux context etc.)
https://notcve.org/view.php?id=CVE-2012-2690
virt-edit in libguestfs before 1.18.0 does not preserve the permissions from the original file and saves the new file with world-readable permissions when editing, which might allow local guest users to obtain sensitive information. virt-edit de libguestfs anteriores a 1.18.0 no conserva los permisos del archivo original y guarda el nuevo fichero con permisos de lectura para otros al editar, lo que puede permitir a usuarios locales inviados obtener información confidencial. • http://rhn.redhat.com/errata/RHSA-2012-0774.html http://secunia.com/advisories/49431 http://secunia.com/advisories/49545 http://www.securityfocus.com/bid/53932 https://exchange.xforce.ibmcloud.com/vulnerabilities/76220 https://www.redhat.com/archives/libguestfs/2012-May/msg00104.html https://access.redhat.com/security/cve/CVE-2012-2690 https://bugzilla.redhat.com/show_bug.cgi?id=831117 • CWE-255: Credentials Management Errors •
CVE-2010-3851 – libguestfs: missing disk format specifier when adding a disk
https://notcve.org/view.php?id=CVE-2010-3851
libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 and earlier, and possibly other products, when a raw-format disk image is used, allows local guest OS administrators to read files from the host via a crafted (1) qcow2, (2) VMDK, or (3) VDI header, related to lack of support for a disk format specifier. libguestfs anterior a v1.5.23, que se utiliza en virt-V2V, virt-inspector v1.5.3 y anteriores, y posiblemente otros productos, cuando una imagen de disco sin formato se utiliza, permite a administradores locales del sistema operativo leer archivos desde el host mediante un (1) qcow2, (2) VMDK, o (3) VDI header manipulado, relacionados con la falta de apoyo de un especificador de formato de disco. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050237.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050742.html http://rwmj.wordpress.com/2010/10/23/new-libguestfs-stable-versions http://secunia.com/advisories/41797 http://secunia.com/advisories/42235 http://www.redhat.com/support/errata/RHSA-2011-0586.html http://www.securityfocus.com/bid/44166 http://www.vupen.com/english/advisories/2010/2874 http://www.vupen.com/english/advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •