Vulnerability Details : CVE-2013-4400
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.
Exploit prediction scoring system (EPSS) score for CVE-2013-4400
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2013-4400
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST |
CWE ids for CVE-2013-4400
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4400
- http://wiki.libvirt.org/page/Maintenance_Releases
  Maintenance Releases - Libvirt Wiki
- http://security.gentoo.org/glsa/glsa-201412-04.xml
  libvirt: Multiple vulnerabilities (GLSA 201412-04) — Gentoo security
- http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html
  [SECURITY] Fedora 20 Update: libvirt-1.1.3.1-1.fc20
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=8c3586ea755c40d5e01b22cb7b5c1e668cdec994
  libvirt.org Git
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=b7fcc799ad5d8f3e55b89b94e599903e3c092467
  libvirt.org Git
- https://bugzilla.redhat.com/show_bug.cgi?id=1015228
  1015228 – (CVE-2013-4400) CVE-2013-4400 libvirt: virt-login-shell arbitrary file overwrites vulnerability (Patch)
- http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=3e2f27e13b94f7302ad948bcacb5e02c859a25fc
  libvirt.org Git
Products affected by CVE-2013-4400
- cpe:2.3:a:redhat:libvirt:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.3:*:*:*:*:*:*:*