CVE-2013-2124
https://notcve.org/view.php?id=CVE-2013-2124
Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before 1.20.7, 1.21.x, 1.22.0, and 1.23.0 allows remote attackers to cause a denial of service (crash) via empty guest files. Vulnerabilidad de doble liberación en inspect-fs.c en LibguestFS 1.20.x anterior a 1.20.7, 1.21.x, 1.22.0 y 1.23.0 permite a atacantes remotos causar una denegación de servicio (caída) a través de archivos de invitados vacíos. • http://osvdb.org/93724 http://seclists.org/oss-sec/2013/q2/431 http://www.securityfocus.com/bid/60205 https://exchange.xforce.ibmcloud.com/vulnerabilities/85145 https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html •
CVE-2013-4419 – libguestfs: insecure temporary directory handling for guestfish's network socket
https://notcve.org/view.php?id=CVE-2013-4419
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance. El comando guestfish en libguestfs 1.20.12, 1.22.7 y anteriores versiones, cuando se usa la opción --remote o --listen, no comprueba adecuadamente la propiedad de /tmp/.guestfish-$UID/ al crear un archivo de socket temporal en este directorio, lo que permite a usuarios locales escribir en el socket y ejecutar comandos arbitrarios mediante la creación de /tmp/.guestfish-$UID/ por adelantado. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html http://rhn.redhat.com/errata/RHSA-2013-1536.html http://secunia.com/advisories/55813 https://bugzilla.redhat.com/show_bug.cgi?id=1016960 https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html https://access.redhat.com/security/cve/CVE-2013-4419 • CWE-264: Permissions, Privileges, and Access Controls CWE-377: Insecure Temporary File •