Nico Golde
2008-Feb-04 21:16 UTC
[Pkg-xen-devel] Bug#464044: xen-unstable: CVE-2007-3919 prone to symlink attack
Source: xen-unstable
Version: 3.0-unstable+hg11561-1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-unstable.

CVE-2007-3919[0]:
| (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local
| users to truncate arbitrary files via a symlink attack on
| /tmp/xenq-shm.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3919

Kind regards
Nico

--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
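The symlink problem described in the CVE text above, as an added example that is not part of the original mail and not Xen's code: it assumes a daemon that opens a fixed name in a shared directory with O_CREAT|O_TRUNC, and contrasts that with an exclusive, no-follow create. The helper names, the sample file and the temporary directory standing in for /tmp are constructed for the illustration.

```python
import os
import tempfile

SAMPLE = "data that must survive\n"   # constructed contents of an unrelated file


def open_truncating(path):
    """Assumed vulnerable pattern: create-or-truncate, following symlinks."""
    return os.open(path, os.O_RDWR | os.O_CREAT | os.O_TRUNC, 0o600)


def open_hardened(path):
    """Create the file exclusively; refuse any pre-existing name, symlink or not."""
    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    return os.open(path, flags, 0o600)


def size_after_open(opener):
    """Plant a link under the fixed name, run opener, return the target's size."""
    with tempfile.TemporaryDirectory() as d:          # stands in for /tmp
        target = os.path.join(d, "important.conf")    # constructed sample file
        with open(target, "w") as f:
            f.write(SAMPLE)
        shm = os.path.join(d, "xenq-shm")
        os.symlink(target, shm)                       # link already present at startup
        try:
            os.close(opener(shm))
        except OSError:
            pass  # hardened open fails here: O_EXCL rejects the existing symlink
        return os.path.getsize(target)


def demo():
    """Return (target size after truncating open, target size after hardened open)."""
    return size_after_open(open_truncating), size_after_open(open_hardened)


if __name__ == "__main__":
    print(demo())
```

Keeping the file in a directory that only the daemon's user can write to removes the need to trust a name in /tmp at all.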
Debian Bug Tracking System
2008-Jul-04 18:15 UTC
[Pkg-xen-devel] Bug#464044: marked as done (xen-unstable: CVE-2007-3919 prone to symlink attack)
Your message dated Fri, 4 Jul 2008 20:11:41 +0200
with message-id <20080704181141.GA11637 at wavehammer.waldi.eu.org>
and subject line fixed
has caused the Debian Bug report #464044,
regarding xen-unstable: CVE-2007-3919 prone to symlink attack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)

--
464044: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464044
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems