CVE-2007-6207 – Security: some HVM domain can access another domain memory.
https://notcve.org/view.php?id=CVE-2007-6207
Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains. Xen 3.x, posiblemente versiones anteriores a 3.1.2, ejecutándose en sistemas IA64, no comprueba el valor RID de mov_to_rr, lo cual permite a un dominio VTi leer memoria de otros dominios. • http://lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html http://lists.xensource.com/archives/html/xen-ia64-devel/2007-10/msg00189.html http://osvdb.org/41341 http://secunia.com/advisories/27915 http://secunia.com/advisories/29236 http://www.redhat.com/support/errata/RHSA-2008-0154.html http://www.securityfocus.com/bid/26716 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9471 https://access.redhat.com/security/cve/CVE-200 • CWE-20: Improper Input Validation •
CVE-2007-5907 – kernel-xen 3.1.1 does not prevent modification of the CR4 TSC from applications (DoS possible)
https://notcve.org/view.php?id=CVE-2007-5907
Xen 3.1.1 does not prevent modification of the CR4 TSC from applications, which allows pv guests to cause a denial of service (crash). El Xen 3.1.1 no previene la modificación del CR4 TSC para aplicaciones, lo que permite a invitados pv provocar una denegación de servicio (caída). • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://lists.xensource.com/archives/html/xen-devel/2007-10/msg00932.html http://secunia.com/advisories/28405 http://secunia.com/advisories/28412 http://secunia.com/advisories/28636 http://secunia.com/advisories/32485 http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.redhat.com/support/errata/RHSA-2008-0957.html http://www.securityfocus.com/bid/27219 https://oval. • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-5906
https://notcve.org/view.php?id=CVE-2007-5906
Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints. El Xen 3.1.1 permite a usuarios invitados virtuales provocar una denegación de servicio (caída del hypervisor) mediante el uso de un registro de depuración (DR7) para establecer ciertos puntos de ruptura. • http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://lists.xensource.com/archives/html/xen-devel/2007-10/msg01048.html http://secunia.com/advisories/28405 http://secunia.com/advisories/28412 http://secunia.com/advisories/28636 http://www.novell.com/linux/security/advisories/suse_security_summary_report.html http://www.securityfocus.com/bid/27219 •
CVE-2007-3919 – xen xenmon.py / xenbaked insecure temporary file accesss
https://notcve.org/view.php?id=CVE-2007-3919
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm. El (1) xenbaked y el (2) xenmon.py en el Xen 3.1 y versiones anteriores permite a usuarios locales truncar ficheros de su elección a través de un ataque de enlaces simbólicos en el /tmp/xenq-shm. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795 http://osvdb.org/41342 http://osvdb.org/41343 http://secunia.com/advisories/27389 http://secunia.com/advisories/27408 http://secunia.com/advisories/27486 http://secunia.com/advisories/27497 http://secunia.com/advisories/29963 http://www.debian.org/security/2007/dsa-1395 http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securit • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVE-2007-4993 – Xen 3.0.3 - pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY Local Command Injection
https://notcve.org/view.php?id=CVE-2007-4993
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements. pygrub (tools/pygrub/src/GrubConf.py) en Xen 3.0.3, en el arranque de un dominio invitado, permite a usuarios locales con privilegios elevados en el dominio invitado ejecutar comandos de su elección en el dominio 0 mediante un fichero grub.conf manipulado artesanalmente cuyo contenido es utilizado en sentencias exec. • https://www.exploit-db.com/exploits/30620 http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 http://secunia.com/advisories/26986 http://secunia.com/advisories/27047 http://secunia.com/advisories/27072 http://secunia.com/advisories/27085 http://secunia.com/advisories/27103 http://secunia.com/advisories/27141 http://secunia.com/advisories/27161 http://secunia.com/advisories/27486 http://www.debian.org/security/2007/dsa-1384 http://www.mandriva.com/security/advisor • CWE-20: Improper Input Validation •