Xen NE2000 Driver Heap Overflow May Let Local Users Gain Elevated Privileges
|
|
SecurityTracker Alert ID: 1018761
|
|
SecurityTracker URL: http://securitytracker.com/id?1018761
|
|
CVE Reference: CVE-2007-1321
(Links to External Site)
|
Date: Oct 2 2007
|
Impact: Execution of arbitrary code via local system, Root access via local system
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in Xen. A local user can obtain elevated privileges on the target system.
The Xen NE2000 network driver does not properly validate user-supplied input. A local user with administrative privileges in a guest
domain can supply specially crafted data to potentially execute arbitrary commands on the target system outside of the target domain.
The
driver is not used by default.
Tavis Ormandy reported this vulnerability.
|
Impact: A local user can obtain root privileges on the target system.
|
Solution: A patch is available at:
http://lists.xensource.com/archives/html/xen-devel/2007-05/msg00021.html
|
Vendor URL: www.xensource.com/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 2 Oct 2007 17:12:55 -0400
Subject: xen
|
CVE-2007-1321 xen QEMU NE2000 emulation issues
|
|
