LWN.net

xen: DOS and symlink vulnerabilities

Package(s): xen
CVE #(s): CVE-2008-4405, CVE-2008-4993
Created: January 7, 2009
Updated: September 15, 2009
Description: The Xen package, as shipped by Red Hat (at least), contains a pair of vulnerabilities. Unprivileged DomU domains are able to overwrite "xenstore values," enabling the killing of arbitrary processes. And the qemu-dm.debug script has a symbolic link vulnerability exploitable by a local attacker.
Alerts:
SuSE SUSE-SR:2009:015 2009-09-15
Mandriva MDVSA-2009:016 2009-01-16
CentOS CESA-2009:0003 2009-01-08
Red Hat RHSA-2009:0003-01 2009-01-07


Copyright © 2013, Eklektix, Inc.