// For flags

CVE-2007-4993

Xen 3.0.3 - pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY Local Command Injection

Severity Score

7.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.

pygrub (tools/pygrub/src/GrubConf.py) en Xen 3.0.3, en el arranque de un dominio invitado, permite a usuarios locales con privilegios elevados en el dominio invitado ejecutar comandos de su elección en el dominio 0 mediante un fichero grub.conf manipulado artesanalmente cuyo contenido es utilizado en sentencias exec.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-09-20 CVE Reserved
  • 2007-09-22 First Exploit
  • 2007-09-27 CVE Published
  • 2024-08-07 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (24)
URL Tag Source
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 X_refsource_confirm
http://secunia.com/advisories/27047 Third Party Advisory
http://secunia.com/advisories/27072 Third Party Advisory
http://secunia.com/advisories/27085 Third Party Advisory
http://secunia.com/advisories/27103 Third Party Advisory
http://secunia.com/advisories/27141 Third Party Advisory
http://secunia.com/advisories/27161 Third Party Advisory
http://secunia.com/advisories/27486 Third Party Advisory
http://www.securityfocus.com/archive/1/481825/100/0/threaded Mailing List
http://www.securityfocus.com/bid/25825 Vdb Entry
http://www.vupen.com/english/advisories/2007/3348 Vdb Entry
https://issues.rpath.com/browse/RPL-1752 X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240 Signature
URL Date SRC
https://www.exploit-db.com/exploits/30620 2007-09-22
URL Date SRC
URL Date SRC
http://secunia.com/advisories/26986 2018-10-15
http://www.debian.org/security/2007/dsa-1384 2018-10-15
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 2018-10-15
http://www.redhat.com/support/errata/RHSA-2007-0323.html 2018-10-15
http://www.ubuntu.com/usn/usn-527-1 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html 2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html 2018-10-15
https://access.redhat.com/security/cve/CVE-2007-4993 2007-10-02
https://bugzilla.redhat.com/show_bug.cgi?id=302801 2007-10-02
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xensource Inc
Search vendor "Xensource Inc"
 Xen
Search vendor "Xensource Inc" for product "Xen"
 3.0.3
Search vendor "Xensource Inc" for product "Xen" and version "3.0.3"
-
Affected