Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.9
CVE Id: CVE-2007-4993
Last Modified: 07 Mar 2011 09:59:53
Published: 27 Sep 2007 01:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4993

Summary

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.

Vulnerable Systems

Application

  • Xensource Inc Xen 3.0.3


References

FEDORA - FEDORA-2007-713

FEDORA - FEDORA-2007-2270

FEDORA - FEDORA-2007-2708

CONFIRM - https://issues.rpath.com/browse/RPL-1752

VUPEN - ADV-2007-3348

UBUNTU - USN-527

BID - 25825

BUGTRAQ - 20071008 rPSA-2007-0210-1 xen

REDHAT - RHSA-2007:0323

MANDRIVA - MDKSA-2007:203

DEBIAN - DSA-1384

SECUNIA - 27486

SECUNIA - 27161

SECUNIA - 27141

SECUNIA - 27103

SECUNIA - 27085

SECUNIA - 27072

SECUNIA - 27047

SECUNIA - 26986

CONFIRM - http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068

UBUNTU - USN-527-1


Last Updated: 27 May 2016 10:44:56