Detections
Analytics
Mandrake Linux Security Advisory : xen (MDKSA-2007:203)
high Nessus Plugin ID 27614
Synopsis
The remote Mandrake Linux host is missing a security update.Description
Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen.A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1320).
Tavis Ormandy also discovered insufficient input validation leading to a heap overflow in the NE2000 network driver in Xen. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1321, CVE-2007-5729, CVE-2007-5730).
Steve Kemp found that xen-utils used insecure temporary files within the xenmon tool that could allow local users to truncate arbitrary files (CVE-2007-3919).
Joris van Rantwijk discovered a flaw in Pygrub, which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully-crafted grub.conf file which could trigger the execution of arbitrary code outside of that domain (CVE-2007-4993).
Updated packages have been patched to prevent these issues.
Solution
Update the affected xen package.Plugin Details
Severity: High
ID: 27614
File Name: mandrake_MDKSA-2007-203.nasl
Version: 1.21
Type: local
Family: Mandriva Local Security Checks
Published: 11/2/2007
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.5
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:xen, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/1/2007
Exploitable With
Core Impact
Reference Information
CVE: CVE-2007-1320, CVE-2007-1321, CVE-2007-3919, CVE-2007-4993, CVE-2007-5729, CVE-2007-5730
BID: 23731