CVE-2007-4993 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2007-4993
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4993

Description: pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-527-1 SAID Secunia Advisory: SA26986 Secunia Advisory: SA27085 Secunia Advisory: SA27161 Secunia Advisory: SA27072 Secunia Advisory: SA27103 Secunia Advisory: SA27486 Secunia Advisory: SA27141 Secunia Advisory: SA27047 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0323.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 FEDORA DEBIAN http://www.debian.org/security/2007/dsa-1384 CONFIRM http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/481825/100/0/threaded BID 25825

Return to the previous page.