Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
libguestfs 不安全临时目录创建提权漏洞
Vulnerability Description
LibguestFS是软件开发者Richard Jones所开发的一套开源的用于访问和修改虚拟机磁盘映像文件的工具。 libguestfs 1.20.12,1.22.7及之前的版本中的guestfish命令中存在安全漏洞,该漏洞源于当程序使用--remote或--listen选项时,在/tmp/.guestfish-$UID/目录中创建临时套接字文件。本地攻击者可利用该漏洞获取其他用户guestfish会话的访问权限,执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A