Red Hat Bugzilla – Bug 1015228
CVE-2013-4400 libvirt: virt-login-shell arbitrary file overwrites vulnerability
Last modified: 2015-10-15 14:02:05 EDT
It was reported that virt-login-shell, an suid-root program, did not sanitize its environment variables or command-line interface arguments properly. This could allow a local user to overwrite arbitrary files as root and elevate their privileges.
This vulnerability was introduced in libvirt 1.1.2.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
This issue did not affect the versions of libvirt package as shipped with Red Hat Enterprise Linux 5 and 6.
Created libvirt tracking bugs for this issue:
Affects: fedora-all [bug 1025685]
libvirt-18.104.22.168-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.