6.9

CVE-2007-4993

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Xensource IncXen Version3.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.63% 0.455
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/27047
http://secunia.com/advisories/27085
http://secunia.com/advisories/27103
http://secunia.com/advisories/27486
http://www.debian.org/security/2007/dsa-1384
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
http://www.redhat.com/support/errata/RHSA-2007-0323.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068
http://secunia.com/advisories/26986
Vendor Advisory
http://secunia.com/advisories/27072
http://secunia.com/advisories/27141
http://secunia.com/advisories/27161
http://www.securityfocus.com/archive/1/481825/100/0/threaded
http://www.securityfocus.com/bid/25825
http://www.ubuntu.com/usn/usn-527-1
http://www.vupen.com/english/advisories/2007/3348
https://issues.rpath.com/browse/RPL-1752
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html