
RHSA-2008:0194: xen security and bug fix update

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: May 14, 2008
Added: May 21, 2008
Modified: July 04, 2017

Description

The xen packages contain tools for managing the virtual machine monitor in Red Hat Virtualization.

These updated packages fix the following security issues:

Daniel P. Berrange discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the format of messages serving to update the contents of the framebuffer. This could allow a malicious user to cause a denial of service, or compromise the privileged domain (Dom0). (CVE-2008-1944)

Markus Armbruster discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the frontend's framebuffer description. This could allow a malicious user to cause a denial of service, or to use a specially crafted frontend to compromise the privileged domain (Dom0). (CVE-2008-1943)

Chris Wright discovered a security vulnerability in the QEMU block format auto-detection, when running fully-virtualized guests. Such fully-virtualized guests, with a raw formatted disk image, were able to write a header to that disk image describing another format. This could allow such guests to read arbitrary files in their hypervisor's host. (CVE-2008-2004)

Ian Jackson discovered a security vulnerability in the QEMU block device drivers backend. A guest operating system could issue a block device request and read or write arbitrary memory locations, which could lead to privilege escalation. (CVE-2008-0928)

Tavis Ormandy found that QEMU did not perform adequate sanity-checking of data received via the "net socket listen" option. A malicious local administrator of a guest domain could trigger this flaw to potentially execute arbitrary code outside of the domain. (CVE-2007-5730)

Steve Kemp discovered that the xenbaked daemon and the XenMon utility communicated via an insecure temporary file. A malicious local administrator of a guest domain could perform a symbolic link attack, causing arbitrary files to be truncated. (CVE-2007-3919)

As well, in the previous xen packages, it was possible for Dom0 to fail to flush data from a fully-virtualized guest to disk, even if the guest explicitly requested the flush. This could cause data integrity problems on the guest. In these updated packages, Dom0 always respects the request to flush to disk.

Users of xen are advised to upgrade to these updated packages, which resolve these issues.


Solution

redhat-upgrade-xen
