[Pkg-xen-devel] Bug#490409: CVE-2008-2004: privilege escalation
Steffen Joeris
steffen.joeris at skolelinux.de
Sat Aug 2 17:29:52 UTC 2008
Hi Julien
Thanks for your work on this issue.
> Reading Xen 3.2.1 source code, I can't see any link with this format
> stuff. However I can be wrong.
Hmm, it seems it's not format, but drv there and the check further down in
xenstore.c looks ok I guess. Note that drv seems to be bs here, the naming
could not have been more confusing when reading the patch :)
I am not sure about the bdrv_open(2) part, too late here will try and look
tomorrow again.
> So I'm not sure sid/lenny version is vulnerable.
I guess it would be good, if Bastian could comment on it, since he was
confident that the qemu code copy is vulnerable to the whole bunch of CVEs
that were assigned at that time.
Cheers
Steffen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
Url : http://lists.alioth.debian.org/pipermail/pkg-xen-devel/attachments/20080803/5dc7f485/attachment.pgp
More information about the Pkg-xen-devel
mailing list