[Pkg-xen-devel] Bug#444430: CVE-2007-4993 privilege escalation

Nico Golde nion at debian.org
Fri Sep 28 13:42:25 UTC 2007


Package: xen-3.0
Version: 3.0.3-0-2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.0.

CVE-2007-4993[0]:
| pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest
| domain, allows local users with elevated privileges in the guest domain to
| execute arbitrary commands in domain 0 via a crafted grub.conf file whose
| contents are used in exec statements. 

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4993

Kind regards
Nico

-- 
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
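The CVE text above describes grub.conf contents reaching exec statements in domain 0. The added example below is not the pygrub source and is not from this mail; it contrasts that pattern with allowlist parsing, and the class, function and option names plus the sample file are hypothetical.

```python
import re

# Constructed sample of a guest-controlled grub.conf (not from the page).
SAMPLE = "# grub.conf\ndefault=1+1\ntimeout 5\ntitle Guest kernel\n"

# Hypothetical allowlist: option name -> converter applied to its value.
ALLOWED = {"default": int, "timeout": int, "title": str}

def split_line(line):
    """Split 'key=value' or 'key value' into (key, value)."""
    parts = re.split(r"\s*=\s*|\s+", line.strip(), maxsplit=1)
    return parts[0], (parts[1] if len(parts) > 1 else "")

def config_lines(text):
    """Yield (line_number, key, value), skipping blanks and comments."""
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            yield (n,) + split_line(line)

class UnsafeConf:
    """The flawed pattern: text from the guest's file becomes Python source."""
    def load(self, text):
        for _, key, value in config_lines(text):
            if key in ("default", "timeout"):
                exec("self.%s = %s" % (key, value))  # value is evaluated as code
            else:
                setattr(self, key, value)

def parse_safe(text):
    """Treat every value as data: allowlisted keys, typed conversion, no exec."""
    conf, rejected = {}, []
    for n, key, value in config_lines(text):
        conv = ALLOWED.get(key)
        try:
            if conv is None:
                raise ValueError("unknown option")
            conf[key] = conv(value)
        except ValueError:
            rejected.append((n, key))  # report the line, never interpret it
    return conf, rejected

if __name__ == "__main__":
    u = UnsafeConf()
    u.load(SAMPLE)
    print("unsafe default:", u.default)  # the expression was evaluated
    print("safe result:", parse_safe(SAMPLE))
```

The harmless expression `1+1` stands in for guest-controlled text: the unsafe loader evaluates it, while the allowlist parser rejects the line because it is not an integer literal.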