|
|
CVE Reference: CVE-2008-3687 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3687 |
|
|
Description: Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/44608 ST 1020731 SAID Secunia Advisory: SA31561 MLIST http://www.nabble.com/-PATCH--XSM--FLASK--Argument-handling-bugs-in-XSM:FLASK-to18536032.html MISC http://theinvisiblethings.blogspot.com/2008/08/our-xen-0wning-trilogy-highlights.html http://invisiblethingslab.com/bh08/part2.pdf CONFIRM http://xenbits.xensource.com/xen-3.3-testing.hg?rev/fa66b33f975a BID 30834 |
|
| Return to the previous page. |
