Rapid7 Vulnerability & Exploit Database

RHSA-2009:0003: xen security and bug fix update

Back to Search

RHSA-2009:0003: xen security and bug fix update



The xen packages contain the Xen tools and management daemons needed tomanage virtual machines running on Red Hat Enterprise Linux.Xen was found to allow unprivileged DomU domains to overwrite xenstorevalues which should only be changeable by the privileged Dom0 domain. Anattacker controlling a DomU domain could, potentially, use this flaw tokill arbitrary processes in Dom0 or trick a Dom0 user into accessing thetext console of a different domain running on the same host. This updatemakes certain parts of the xenstore tree read-only to the unprivileged DomUdomains. (CVE-2008-4405)It was discovered that the qemu-dm.debug script created a temporary file in/tmp in an insecure way. A local attacker in Dom0 could, potentially, usethis flaw to overwrite arbitrary files via a symlink attack. Note: Thisscript is not needed in production deployments and therefore was removedand is not shipped with updated xen packages. (CVE-2008-4993)This update also fixes the following bug:All xen users are advised to upgrade to these updated packages, whichcontain backported patches to resolve these issues. The Xen host must berestarted for the update to take effect.


  • redhat-upgrade-xen
  • redhat-upgrade-xen-devel
  • redhat-upgrade-xen-libs

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center