Mandrake Linux Security Advisory : xen (MDKSA-2007:203)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Tavis Ormandy discovered a heap overflow flaw during video-to-video
copy operations in the Cirrus VGA extension code that is used in Xen.
A malicious local administrator of a guest domain could potentially
trigger this flaw and execute arbitrary code outside of the domain
(CVE-2007-1320).

Tavis Ormandy also discovered insufficient input validation leading to
a heap overflow in the NE2000 network driver in Xen. If the driver is
in use, a malicious local administrator of a guest domain could
potentially trigger this flaw and execute arbitrary code outside of
the domain (CVE-2007-1321, CVE-2007-5729, CVE-2007-5730).

Steve Kemp found that xen-utils used insecure temporary files within
the xenmon tool that could allow local users to truncate arbitrary
files (CVE-2007-3919).

Joris van Rantwijk discovered a flaw in Pygrub, which is used as a
boot loader for guest domains. A malicious local administrator of a
guest domain could create a carefully crafted grub.conf file which
could trigger the execution of arbitrary code outside of that domain
(CVE-2007-4993).

Updated packages have been patched to prevent these issues.

Solution :

Update the affected xen package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 27614 (mandrake_MDKSA-2007-203.nasl)

Bugtraq ID: 23731

CVE ID: CVE-2007-1320, CVE-2007-1321, CVE-2007-3919, CVE-2007-4993, CVE-2007-5729, CVE-2007-5730
