CVE-2013-4400

Severity CVSS v4.0:

Pending analysis

Type:

CWE-264 Permissions, Privileges, and Access Control

Publication date:

09/12/2013

Last modified:

11/04/2025

Description

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.

Impact

Vector 2.0

AV:L/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.20 HIGH
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Local
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

7.20

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:redhat:libvirt:1.1.2:::::::*
cpe:2.3:a:redhat:libvirt:1.1.3:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://libvirt.org/git/?p=libvirt.git%3Ba%3Dcommit%3Bh%3D3e2f27e13b94f7302ad948bcacb5e02c859a25fc
http://libvirt.org/git/?p=libvirt.git%3Ba%3Dcommit%3Bh%3D8c3586ea755c40d5e01b22cb7b5c1e668cdec994
http://libvirt.org/git/?p=libvirt.git%3Ba%3Dcommit%3Bh%3Db7fcc799ad5d8f3e55b89b94e599903e3c092467
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://wiki.libvirt.org/page/Maintenance_Releases
https://bugzilla.redhat.com/show_bug.cgi?id=1015228
http://libvirt.org/git/?p=libvirt.git%3Ba%3Dcommit%3Bh%3D3e2f27e13b94f7302ad948bcacb5e02c859a25fc
http://libvirt.org/git/?p=libvirt.git%3Ba%3Dcommit%3Bh%3D8c3586ea755c40d5e01b22cb7b5c1e668cdec994
http://libvirt.org/git/?p=libvirt.git%3Ba%3Dcommit%3Bh%3Db7fcc799ad5d8f3e55b89b94e599903e3c092467
http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html
http://secunia.com/advisories/60895
http://security.gentoo.org/glsa/glsa-201412-04.xml
http://wiki.libvirt.org/page/Maintenance_Releases
https://bugzilla.redhat.com/show_bug.cgi?id=1015228