Nico Golde
2007-Nov-17 15:39 UTC
[Pkg-xen-devel] Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
Package: xen-3 Version: 3.1.0-1 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2007-5907[0]: | Xen 3.1.1 does not prevent modification of the CR4 TSC from | applications, which allows pv guests to cause a denial of service | (crash). CVE-2007-5906[1]: | Xen 3.1.1 allows virtual guest system users to cause a | denial of service (hypervisor crash) by using a debug | register (DR7) to set certain breakpoints. If you fix this vulnerability please also include the CVE id in your changelog entry. A patch for these issues is linked on the mitre website. The xen version in etch is also affected. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5907 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5906 Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20071117/95708eb3/attachment.pgp
Bastian Blank
2007-Nov-18 20:16 UTC
[Pkg-xen-devel] Bug#451626: Bug#451626: CVE-2007-5907, CVE-2007-5906 possible denial of service vulnerability
On Sat, Nov 17, 2007 at 04:39:27PM +0100, Nico Golde wrote:> CVE-2007-5907[0]: > | Xen 3.1.1 does not prevent modification of the CR4 TSC from > | applications, which allows pv guests to cause a denial of service > | (crash).Submitted patch looks too different to applied version. Not reviewed. Postponed until someone shows that it is a crash in the hypervisor, the commit is not marked as security fix.> CVE-2007-5906[1]: > | Xen 3.1.1 allows virtual guest system users to cause a > | denial of service (hypervisor crash) by using a debug > | register (DR7) to set certain breakpoints.Fixed in xen-3.1-testing.hg in changeset 15493:27347d6d73a3, included in 3.1.2. Bastian -- Extreme feminine beauty is always disturbing. -- Spock, "The Cloud Minders", stardate 5818.4
Reasonably Related Threads
- Bug#464044: xen-unstable: CVE-2007-3919 prone to symlink attack
- Bug#469654: xen-unstable: CVE-2008-0928 privilege escalation
- Bug#444007: CVE-2007-1320 multiple heap based buffer overflows
- Bug#444430: CVE-2007-4993 privilege escalation
- Bug#446771: CVE-2007-4993 privilege escalation