OpenCVE

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:S/C:N/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Redhat	Enterprise Linux
Xensource Inc	Xen

Configuration 1 [-]

AND

OR	cpe:2.3:o:debian:debian_linux:4.0::alpha:::::
	cpe:2.3:o:debian:debian_linux:4.0::amd64:::::
	cpe:2.3:o:debian:debian_linux:4.0::arm:::::
	cpe:2.3:o:debian:debian_linux:4.0::hppa:::::
	cpe:2.3:o:debian:debian_linux:4.0::ia-32:::::
	cpe:2.3:o:debian:debian_linux:4.0::ia-64:::::
	cpe:2.3:o:debian:debian_linux:4.0::m68k:::::
	cpe:2.3:o:debian:debian_linux:4.0::mips:::::
	cpe:2.3:o:debian:debian_linux:4.0::mipsel:::::
	cpe:2.3:o:debian:debian_linux:4.0::powerpc:::::
	cpe:2.3:o:debian:debian_linux:4.0::s390:::::
	cpe:2.3:o:debian:debian_linux:4.0::sparc:::::

OR	cpe:2.3:a:xensource_inc:xen:3.0.3_0_1:::::::*
	cpe:2.3:a:xensource_inc:xen:3.0.3_0_3:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5
xen-0:3.0.3-41.el5_1.5	cpe:/o:redhat:enterprise_linux:5	RHSA-2008:0194	2008-05-13T00:00:00Z

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795
http://osvdb.org/41342
http://osvdb.org/41343
http://secunia.com/advisories/27389
http://secunia.com/advisories/27408
http://secunia.com/advisories/27486
http://secunia.com/advisories/27497
http://secunia.com/advisories/29963
http://www.debian.org/security/2007/dsa-1395
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
http://www.redhat.com/support/errata/RHSA-2008-0194.html
http://www.securityfocus.com/bid/26190
http://www.securitytracker.com/id?1018859
http://www.vupen.com/english/advisories/2007/3621
https://exchange.xforce.ibmcloud.com/vulnerabilities/37403
https://nvd.nist.gov/vuln/detail/CVE-2007-3919
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9913
https://www.cve.org/CVERecord?id=CVE-2007-3919
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00075.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-28T16:00:00

Updated: 2024-08-07T14:37:05.580Z

Reserved: 2007-07-20T00:00:00

Link: CVE-2007-3919

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-10-28T17:08:00.000

Modified: 2024-11-21T00:34:22.287

Link: CVE-2007-3919

Redhat

Severity : Low

Publid Date: 2007-10-23T00:00:00Z

Links: CVE-2007-3919 - Bugzilla

Metrics

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object