CVE-2013-4280
Description
Insecure temporary file vulnerability in RedHat vdsm 4.9.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products (2)
- RedHat/vdsm (v5), Range: through 2013-07-24
Patches
Vulnerability mechanics
Root cause
"The software creates temporary files in world-writable directories without proper access controls."
Attack vector
An attacker could exploit this vulnerability by creating symbolic links in the /tmp directory that point to sensitive files. When the VDSM service subsequently writes to or reads from these temporary files, it may inadvertently overwrite or expose sensitive data. This is particularly concerning for files like logs, as noted in the reference write-ups [ref_id=1].
Affected code
The vulnerability is present in multiple Python files within the VDSM package. The reference identifies use of the /tmp directory for temporary files in files such as './vdsm/storage/storageServer.py', './vdsm/utils.py', and './vdsm_reg/save-config' [ref_id=1].
What the fix does
The advisory indicates that Red Hat Storage 2 is in an Extended Life Cycle phase and this issue is not planned for future updates [ref_id=1]. Therefore, no specific patch or fix explanation is available. Users are advised to consult Red Hat's support policies for further information regarding this vulnerability.
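The symlink precondition and the standard mitigation for this class of bug, as an added example (not VDSM code and not a Red Hat patch). The file names are constructed, and a scratch directory stands in for /tmp.

```python
import os
import tempfile

def write_predictable(path, data):
    """Weak pattern: fixed, guessable name; open() follows an existing symlink."""
    with open(path, "w") as f:
        f.write(data)

def write_exclusive(path, data):
    """Hardened: O_CREAT|O_EXCL fails if the name exists, symlinks included."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def write_private_temp(data, directory=None):
    """Preferred: mkstemp picks an unpredictable name and creates it exclusively."""
    fd, path = tempfile.mkstemp(prefix="demo-", dir=directory)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    """Run each pattern against a pre-existing symlink in a scratch directory."""
    with tempfile.TemporaryDirectory() as shared:        # stands in for /tmp
        target = os.path.join(shared, "important.conf")  # constructed name
        planted = os.path.join(shared, "service.tmp")    # constructed, guessable name
        write_predictable(target, "original")
        os.symlink(target, planted)                      # the precondition listed on this page

        write_predictable(planted, "scratch")            # write lands in target
        clobbered = read(target) == "scratch"
        write_predictable(target, "original")            # restore for the next check

        try:
            write_exclusive(planted, "scratch")
            refused = False
        except OSError:                                  # EEXIST: name already taken
            refused = True
        private = write_private_temp("scratch", shared)
        return {"clobbered": clobbered, "refused": refused,
                "intact": read(target) == "original",
                "mode": os.stat(private).st_mode & 0o777}

if __name__ == "__main__":
    print(demo())
```

Where a service needs several scratch files, creating them inside a directory from `tempfile.mkdtemp()` (mode 0700) removes the shared-directory precondition entirely.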
Preconditions
- input: The attacker must be able to create files or symbolic links within the /tmp directory.
- config: The VDSM service must be running and configured to use /tmp for temporary file operations.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (3)
- access.redhat.com/security/cve/cve-2013-4280 (mitre, x_refsource_MISC)
- bugzilla.redhat.com/show_bug.cgi (mitre, x_refsource_MISC)
- security-tracker.debian.org/tracker/CVE-2013-4280 (mitre, x_refsource_MISC)