CVE-2007-0998
HVM guest VNC server allows compromise of entire host OS by any VNC console user
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
La implementaciĆ³n del servidor VNC en QEMU, como es usada por Xen y posiblemente otros entornos, permite a usuarios locales de un sistema operativo invitado leer archivos arbitrarios en el sistema operativo host por medio de vectores no especificados relacionados con el modo de monitoreo de QEMU, como es demostrado al mapear archivos hacia un dispositivo CDROM. NOTA: algunos de estos detalles son obtenidos a partir de informaciĆ³n de terceros.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-02-16 CVE Reserved
- 2007-03-20 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (18)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/34304 | Vdb Entry | |
| http://secunia.com/advisories/51413 | Third Party Advisory | |
| http://www.securityfocus.com/bid/22967 | Vdb Entry | |
| http://www.securitytracker.com/id?1017764 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/33085 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2007-0114.html | 2017-10-11 |
| URL | Date | SRC |
|---|---|---|
| http://fedoranews.org/cms/node/2802 | 2017-10-11 | |
| http://fedoranews.org/cms/node/2803 | 2017-10-11 | |
| http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html | 2017-10-11 | |
| http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html | 2017-10-11 | |
| http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html | 2017-10-11 | |
| http://secunia.com/advisories/24575 | 2017-10-11 | |
| http://www.vupen.com/english/advisories/2007/1019 | 2017-10-11 | |
| http://www.vupen.com/english/advisories/2007/1020 | 2017-10-11 | |
| http://www.vupen.com/english/advisories/2007/1021 | 2017-10-11 | |
| https://access.redhat.com/security/cve/CVE-2007-0998 | 2007-03-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=230295 | 2007-03-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Xen Search vendor "Xen" | Qemu Search vendor "Xen" for product "Qemu" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0" | desktop |
Safe
|
| Xen Search vendor "Xen" | Qemu Search vendor "Xen" for product "Qemu" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0" | desktop_multiple_os |
Safe
|
| Xen Search vendor "Xen" | Qemu Search vendor "Xen" for product "Qemu" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0" | server |
Safe
|
| Xen Search vendor "Xen" | Qemu Search vendor "Xen" for product "Qemu" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0" | virtualization |
Safe
|
| Xen Search vendor "Xen" | Qemu Search vendor "Xen" for product "Qemu" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Fedora Core Search vendor "Redhat" for product "Fedora Core" | core_5.0 Search vendor "Redhat" for product "Fedora Core" and version "core_5.0" | - |
Safe
|
| Xen Search vendor "Xen" | Qemu Search vendor "Xen" for product "Qemu" | * | - |
Affected
| in | Redhat Search vendor "Redhat" | Fedora Core Search vendor "Redhat" for product "Fedora Core" | core6 Search vendor "Redhat" for product "Fedora Core" and version "core6" | - |
Safe
|