CVE-2013-4400 Information

Description

virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments.

Reference

http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e2f27e13b94f7302ad948bcacb5e02c859a25fc http://libvirt.org/git/?p=libvirt.git;a=commit;h=8c3586ea755c40d5e01b22cb7b5c1e668cdec994 http://libvirt.org/git/?p=libvirt.git;a=commit;h=b7fcc799ad5d8f3e55b89b94e599903e3c092467 http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121370.html http://secunia.com/advisories/60895 http://security.gentoo.org/glsa/glsa-201412-04.xml http://wiki.libvirt.org/page/Maintenance_Releases https://bugzilla.redhat.com/show_bug.cgi?id=1015228