CVE-2007-3919

xen xenmon.py / xenbaked insecure temporary file accesss

Severity Score

6.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

El (1) xenbaked y el (2) xenmon.py en el Xen 3.1 y versiones anteriores permite a usuarios locales truncar ficheros de su elección a través de un ataque de enlaces simbólicos en el /tmp/xenq-shm.

*Credits: N/A

CVSS Scores

NISTv2 6.0

Attack Vector

Local

Attack Complexity

Medium

Authentication

Single

Confidentiality

None

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-07-20 CVE Reserved
2007-10-25 CVE Published
2023-03-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-59: Improper Link Resolution Before File Access ('Link Following')
CWE-377: Insecure Temporary File

CAPEC

References (20)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795	X_refsource_misc
http://osvdb.org/41342	Vdb Entry
http://osvdb.org/41343	Vdb Entry
http://secunia.com/advisories/27486	Third Party Advisory
http://secunia.com/advisories/29963	Third Party Advisory
http://www.securityfocus.com/bid/26190	Vdb Entry
http://www.securitytracker.com/id?1018859	Vdb Entry
http://www.vupen.com/english/advisories/2007/3621	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/37403	Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9913	Signature

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/27389	2017-09-29
http://secunia.com/advisories/27408	2017-09-29
http://secunia.com/advisories/27497	2017-09-29
http://www.debian.org/security/2007/dsa-1395	2017-09-29
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203	2017-09-29
http://www.redhat.com/support/errata/RHSA-2008-0194.html	2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html	2017-09-29
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00075.html	2017-09-29
https://access.redhat.com/security/cve/CVE-2007-3919	2008-05-13
https://bugzilla.redhat.com/show_bug.cgi?id=350421	2008-05-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	alpha	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	amd64	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	arm	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	hppa	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	ia-32	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	ia-64	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	m68k	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	mips	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	mipsel	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	powerpc	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	s390	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_1 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_1"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	sparc	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	alpha	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	amd64	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	arm	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	hppa	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	ia-32	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	ia-64	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	m68k	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	mips	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	mipsel	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	powerpc	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	s390	Safe
Xensource Inc Search vendor "Xensource Inc"	Xen Search vendor "Xensource Inc" for product "Xen"	3.0.3_0_3 Search vendor "Xensource Inc" for product "Xen" and version "3.0.3_0_3"	-	Affected	in	Debian Search vendor "Debian"	Debian Linux Search vendor "Debian" for product "Debian Linux"	4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"	sparc	Safe