[Pkg-xen-devel] Bug#436250: CVE-2007-0998: possible vulnerability
Steffen Joeris
steffen.joeris at skolelinux.de
Mon Aug 6 15:47:40 UTC 2007
Package: xen-3.0
Severity: important
Hi
The following CVE[0] was issued against xen. Can you please check, if
the Debian versions are affected?
The CVE says:
The VNC server implementation in QEMU, as used by Xen and possibly
other environments, allows local users of a guest operating system
to read arbitrary files on the host operating system via unspecified
vectors related to QEMU monitor mode, as demonstrated by mapping
files to a CDROM device. NOTE: some of these details are obtained
from third party information.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0998
More information about the Pkg-xen-devel
mailing list