[Pkg-xen-devel] Bug#490409: CVE-2008-2004: privilege escalation

Julien Danjou acid at debian.org
Sat Aug 2 16:19:13 UTC 2008


At 1215850041 time_t, Steffen Joeris wrote:
> CVE-2008-2004[0]:
> | The drive_init function in QEMU 0.9.1 determines the format of a raw
> | disk image based on the header, which allows local guest users to read
> | arbitrary files on the host by modifying the header to identify a
> | different format, which is used when the guest is restarted.
> 
> The patch for qemu can be found here[1].
> 
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.

I took a look at the Fedora repository, and I got
this for Fedora 7 (Xen 3.0):
http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/xen/F-7/xen-qemu-block-no-auto-format.patch?root=extras&rev=1.1&sortby=date
this for Fedora 8 (Xen 3.1):
http://cvs.fedora.redhat.com/viewcvs/*checkout*/rpms/xen/F-8/xen-qemu-block-no-auto-format.patch?root=extras

Reading the Xen 3.2.1 source code, I can't see any link with this format
stuff. However, I could be wrong.

So I'm not sure the sid/lenny version is vulnerable.

Cheers,
-- 
Julien Danjou
.''`.  Debian Developer
: :' : http://julien.danjou.info
`. `'  http://people.debian.org/~acid
  `-   9A0D 5FD9 EB42 22F6 8974  C95C A462 B51E C2FE E5CD
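
The header-probing behaviour in the quoted CVE text, next to a host-side check for it, as an added example that is not from this thread, from QEMU or from the Fedora patches. The function names, the magic table, the "refuse to probe" policy and the sample disks are assumptions constructed for illustration.

```python
from typing import Optional

# Magic bytes a header probe would match (QCOW family and VMDK).
MAGICS = {b"QFI\xfb": "qcow", b"KDMV": "vmdk", b"COWD": "vmdk"}

def probe_format(header: bytes) -> str:
    """Guess the image format from its first bytes; no match means raw."""
    return MAGICS.get(header[:4], "raw")

def select_format_probing(header: bytes) -> str:
    """Behaviour described in the CVE text: the guest-writable header decides."""
    return probe_format(header)

def select_format_explicit(header: bytes, declared: Optional[str]) -> str:
    """Hardened model (assumption): only the host-side config decides."""
    if declared is None:
        raise ValueError("no format declared; refusing to probe the image")
    return declared

def audit(disks):
    """Return findings for disks whose header disagrees with the host config.

    disks: iterable of (name, declared_format_or_None, first_bytes_of_image).
    """
    findings = []
    for name, declared, header in disks:
        probed = probe_format(header)
        if declared is None:
            findings.append(f"{name}: no declared format, would be probed as {probed}")
        elif declared == "raw" and probed != "raw":
            findings.append(f"{name}: declared raw, header probes as {probed}")
    return findings

# Constructed sample data: first sector of three hypothetical guest disks.
BENIGN = b"\x00" * 510 + b"\x55\xaa"     # MBR-style boot sector
RELABELLED = b"QFI\xfb" + b"\x00" * 508  # raw disk whose header matches QCOW
SAMPLE_DISKS = [
    ("guest-a.img", "raw", BENIGN),
    ("guest-b.img", "raw", RELABELLED),
    ("guest-c.img", None, BENIGN),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_DISKS):
        print(line)
```
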