NASLDB: Debian DSA-1384-1 : xen-utils - several vulnerabilities
General
ID: 26931
Name: Debian DSA-1384-1 : xen-utils – several vulnerabilities
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
Several local vulnerabilities have been discovered in the Xen
hypervisor packages which may lead to the execution of arbitrary code.
The Common Vulnerabilities and Exposures project identifies the
following problems:
– CVE-2007-4993
By use of a specially crafted grub configuration file a
domU user may be able to execute arbitrary code upon the
dom0 when pygrub is being used.
– CVE-2007-1320
Multiple heap-based buffer overflows in the Cirrus VGA
extension, provided by QEMU, may allow local users to
execute arbitrary code via ‘bitblt’ heap overflow.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2007-1320
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2007/10/05
Plugin Release: 2007/10/09
Plugin
Version: 1.10
Filename: debian_DSA-1384.nasl
Filesize: 4328 bytes
MD5 Hash: fd8a287be96e93f26c579b39794d2997
Identification: Host/local_checks_enabled
Require Keys: "Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"
Dependencies: "ssh_get_info.nasl"
Copyright: This script is © 2007-2012 Tenable Network Security, Inc.