[Pkg-xen-devel] Bug#490409: CVE-2008-2004: privilege escalation
Steffen Joeris
steffen.joeris at skolelinux.de
Sat Jul 12 08:07:21 UTC 2008
Package: xen-3
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xen-3.
CVE-2008-2004[0]:
| The drive_init function in QEMU 0.9.1 determines the format of a raw
| disk image based on the header, which allows local guest users to read
| arbitrary files on the host by modifying the header to identify a
| different format, which is used when the guest is restarted.
The patch for qemu can be found here[1].
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2004
http://security-tracker.debian.net/tracker/CVE-2008-2004
[1] http://svn.savannah.gnu.org/viewvc/trunk/vl.c?root=qemu&r1=4277&r2=4276&pathrev=4277
More information about the Pkg-xen-devel
mailing list