Detections
Analytics
Linux Distros Unpatched Vulnerability : CVE-2013-6456
medium Nessus Plugin ID 218064
Language:
Synopsis
The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be patched.Description
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.- The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container;
(2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in the container; and cause a denial of service (shutdown or reboot host OS) via the (3) virDomainShutdown or (4) virDomainReboot API and a symlink attack on /dev/initctl in the container, related to paths under /proc/$PID/root and the virInitctlSetRunLevel function. (CVE-2013-6456)
Note that Nessus relies on the presence of the package as reported by the vendor.
Solution
There is no known solution at this time.See Also
Plugin Details
Severity: Medium
ID: 218064
File Name: unpatched_CVE_2013_6456.nasl
Version: 1.2
Type: local
Agent: unix
Family: Misc.
Published: 3/4/2025
Updated: 8/24/2025
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.2
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:A/AC:M/Au:S/C:N/I:P/A:C
CVSS Score Source: CVE-2013-6456
Vulnerability Information
CPE: p-cpe:/a:centos:centos:libvirt, p-cpe:/a:redhat:enterprise_linux:libvirt, cpe:/o:centos:centos:7, cpe:/o:redhat:enterprise_linux:7
Required KB Items: Host/OS/identifier, Host/cpu, Host/local_checks_enabled, global_settings/vendor_unpatched
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 12/17/2013
Reference Information
CVE: CVE-2013-6456