Mandrake Linux Security Advisory : xen (MDKSA-2007:203)

high Nessus Plugin ID 27614

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen.
A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1320).

Tavis Ormandy also discovered insufficient input validation leading to a heap overflow in the NE2000 network driver in Xen. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1321, CVE-2007-5729, CVE-2007-5730).

Steve Kemp found that xen-utils used insecure temporary files within the xenmon tool that could allow local users to truncate arbitrary files (CVE-2007-3919).

Joris van Rantwijk discovered a flaw in Pygrub, which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully-crafted grub.conf file which could trigger the execution of arbitrary code outside of that domain (CVE-2007-4993).

Updated packages have been patched to prevent these issues.

Solution

Update the affected xen package.

Plugin Details

Severity: High

ID: 27614

File Name: mandrake_MDKSA-2007-203.nasl

Version: 1.21

Type: local

Published: 11/2/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.5

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:xen, cpe:/o:mandriva:linux:2007, cpe:/o:mandriva:linux:2007.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/1/2007

Exploitable With

Core Impact

Reference Information

CVE: CVE-2007-1320, CVE-2007-1321, CVE-2007-3919, CVE-2007-4993, CVE-2007-5729, CVE-2007-5730

BID: 23731

CWE: 119, 189, 20, 59

MDKSA: 2007:203