SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Xen Vendors:   Xen Project
Xen NE2000 Driver Heap Overflow May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1018761
SecurityTracker URL:  http://securitytracker.com/id/1018761
CVE Reference:   CVE-2007-1321   (Links to External Site)
Date:  Oct 2 2007
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Xen. A local user can obtain elevated privileges on the target system.

The Xen NE2000 network driver does not properly validate user-supplied input. A local user with administrative privileges in a guest domain can supply specially crafted data to potentially execute arbitrary commands on the target system outside of the target domain.

The driver is not used by default.

Tavis Ormandy reported this vulnerability.

Impact:   A local user can obtain root privileges on the target system.
Solution:   A patch is available at:

http://lists.xensource.com/archives/html/xen-devel/2007-05/msg00021.html

Vendor URL:  www.xensource.com/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 2 2007 (Red Hat Issues Fix) Xen NE2000 Driver Heap Overflow May Let Local Users Gain Elevated Privileges
Red Hat has released a fix for Red Hat Enterprise Linux 5.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC