This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was discovered that the hypervisor's para-virtualized framebuffer
(PVFB) backend failed to validate the frontend's framebuffer
description properly. This could allow a privileged user in the
unprivileged domain (DomU) to cause a denial of service, or, possibly,
elevate privileges to the privileged domain (Dom0). (CVE-2008-1952)
A flaw was found in the QEMU block format auto-detection, when running
fully-virtualized guests and using QEMU images written on removable
media (USB storage, 3.5" disks). Privileged users of such
fully-virtualized guests (DomU), with a raw-formatted disk image, were
able to write a header to that disk image describing another format.
This could allow such guests to read arbitrary files in their
hypervisor's host (Dom0). (CVE-2008-1945)
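
The check below is an added example, not part of the original advisory or of the Xen/QEMU code: it scans images that the host configures as raw for leading bytes that describe another format, the condition CVE-2008-1945 depends on. The signature list is a short selection of well-known magic values, and the file names and sample images are constructed for illustration.

```python
import os
import tempfile

# Well-known leading-byte signatures of non-raw disk image formats.
SIGNATURES = [
    (b"QFI\xfb", "qcow"),                  # qcow and qcow2
    (b"KDMV", "vmdk"),                     # VMDK sparse extent
    (b"COWD", "vmdk"),                     # older VMDK
    (b"conectix", "vpc"),                  # Virtual PC / VHD
    (b"Bochs Virtual HD Image", "bochs"),
]

def sniff_format(head: bytes) -> str:
    """Return the format the leading bytes claim, or 'raw' if none match."""
    for magic, name in SIGNATURES:
        if head.startswith(magic):
            if name == "qcow":
                # A big-endian 32-bit version follows the qcow magic.
                return "qcow-v%d" % int.from_bytes(head[4:8], "big")
            return name
    return "raw"

def audit_raw_images(paths):
    """Return {path: claimed_format} for images whose header claims a non-raw format."""
    findings = {}
    for path in paths:
        with open(path, "rb") as fh:
            claimed = sniff_format(fh.read(512))
        if claimed != "raw":
            findings[path] = claimed
    return findings

def demo():
    """Run the audit over two constructed sample images."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "guest-clean.img")      # hypothetical names
        suspect = os.path.join(tmp, "guest-suspect.img")
        with open(clean, "wb") as fh:                     # constructed: MBR-style sector
            fh.write(b"\x00" * 510 + b"\x55\xaa")
        with open(suspect, "wb") as fh:                   # constructed: qcow2 magic + version
            fh.write(b"QFI\xfb" + (2).to_bytes(4, "big") + b"\x00" * 504)
        found = audit_raw_images([clean, suspect])
        return {os.path.basename(p): fmt for p, fmt in found.items()}

if __name__ == "__main__":
    print(demo())
```

A finding means the image's content disagrees with its configured raw format and deserves inspection before any format-probing tool opens it.
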
Additionally, the following bug is addressed in this update :
- The qcow-create command terminated when invoked due to
glibc bounds checking on the realpath() function.
Update the affected xen, xen-devel and / or xen-libs packages.
Risk factor :
Medium / CVSS Base Score : 4.9