Vulnerability Details : CVE-2013-4291
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
Products affected by CVE-2013-4291
- cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:0.10.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-4291
- 0.04%: probability of exploitation activity in the next 30 days
- ~ 6 %: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4291
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
CWE ids for CVE-2013-4291
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4291
- http://wiki.libvirt.org/page/Maintenance_Releases
  Maintenance Releases - Libvirt Wiki (Patch)
- http://libvirt.org/git/?p=libvirt.git%3Ba=commitdiff%3Bh=fe11d34a6d46d6641ce90dc665164fda7bb6bff8
  libvirt.org Git
- http://libvirt.org/news.html
  libvirt: Releases
- https://bugzilla.redhat.com/show_bug.cgi?id=1006509
  1006509 – (CVE-2013-4291) CVE-2013-4291 libvirt: supplementary groups not adjusted correctly when parsing label (Patch)