[Pkg-xen-devel] Bug#490409: CVE-2008-2004: privilege escalation

Steffen Joeris steffen.joeris at skolelinux.de
Sat Aug 2 17:29:52 UTC 2008


Hi Julien

Thanks for your work on this issue.
> Reading Xen 3.2.1 source code, I can't see any link with this format
> stuff. However I can be wrong.
Hmm, it seems it's not format, but drv there, and the check further down in
xenstore.c looks ok I guess. Note that drv seems to be bs here; the naming
could not have been more confusing when reading the patch :)
I am not sure about the bdrv_open(2) part; too late here, will try and look
tomorrow again.


> So I'm not sure sid/lenny version is vulnerable.
I guess it would be good if Bastian could comment on it, since he was
confident that the qemu code copy is vulnerable to the whole bunch of CVEs
that were assigned at that time.

Cheers
Steffen