Nico Golde
2007-Sep-28 13:42 UTC
[Pkg-xen-devel] Bug#444430: CVE-2007-4993 privilege escalation
Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3.0.

CVE-2007-4993[0]:
| pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest
| domain, allows local users with elevated privileges in the guest domain to
| execute arbitrary commands in domain 0 via a crafted grub.conf file whose
| contents are used in exec statements.

If you fix this vulnerability please also include the CVE id in your changelog entry.

For further information:
[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4993

Kind regards
Nico

--
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
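The flaw class named in the CVE text above (file contents interpolated into an exec statement), shown beside a parser that keeps guest-supplied values as plain data. This is an added example, not part of the original message and not pygrub's code; the keyword allowlist, the Entry class, the function names and the sample input are assumptions constructed for illustration.

```python
import re

# Hypothetical allowlist: config keyword -> attribute name on the entry object.
ALLOWED = {"title": "title", "root": "root", "kernel": "kernel", "initrd": "initrd"}

# Constructed guest-controlled input. The last value contains a double quote,
# which ends a string literal early if the value is pasted into source text.
SAMPLE = '''title Debian
root (hd0,0)
kernel /vmlinuz ro
initrd /initrd.img" ; marker = "set-by-guest
'''

class Entry:
    title = root = kernel = initrd = None

def split_line(line):
    """Return (keyword, value), or None for blank lines and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = re.split(r"[\s=]+", line, maxsplit=1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def parse_unsafe(text):
    """Anti-pattern: builds Python source from file contents and execs it."""
    ns = {}
    for line in text.splitlines():
        kv = split_line(line)
        if kv:
            # Empty builtins only keep this demo free of side effects;
            # this is not a sandbox.
            exec('%s = "%s"' % kv, {"__builtins__": {}}, ns)
    return ns

def parse_safe(text):
    """Values stay data: allowlisted keyword, then setattr, never exec/eval."""
    entry, rejected = Entry(), []
    for line in text.splitlines():
        kv = split_line(line)
        if kv is None:
            continue
        key, value = kv
        if key in ALLOWED:
            setattr(entry, ALLOWED[key], value)
        else:
            rejected.append(key)  # unknown keyword: record it, do not act on it
    return entry, rejected
```

With the sample input, parse_unsafe ends up with a variable the file author chose, while parse_safe stores the same line verbatim in entry.initrd and defines nothing else.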