Xen QEMU VNC Server Arbitrary Information Disclosure Vulnerability
BID:22967
Info
| Bugtraq ID: | 22967 |
| Class: | Design Error |
| CVE: | CVE-2007-0998 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2007 12:00AM |
| Updated: | Mar 26 2014 09:26AM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: | SuSE openSUSE 12.1; RedHat Enterprise Linux Virtualization 5 server; RedHat Enterprise Linux Desktop Multi OS 5 client; Red Hat Fedora Core6; Red Hat Fedora Core5; Red Hat Enterprise Linux Desktop 5 client; Red Hat Enterprise Linux 5 Server; Pardus Linux 2007.1 |
| Not Vulnerable: | |
Discussion
Xen is prone to an unspecified vulnerability that lets attackers obtain arbitrary information. The issue stems from a flaw in the VNC server code in QEMU.
An attacker can exploit this issue to access sensitive information that may aid in further attacks.
Exploit / POC
An attacker can exploit this issue by gaining authenticated access to a vulnerable computer.
Solution / Fix
Solution:
The vendor has released fixes to address this issue. Please see the referenced advisory for more information.
Red Hat Fedora Core6
- RedHat Fedora xen-3.0.3-8.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora xen-3.0.3-8.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora xen-debuginfo-3.0.3-8.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora xen-debuginfo-3.0.3-8.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora xen-devel-3.0.3-8.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora xen-devel-3.0.3-8.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora xen-libs-3.0.3-8.fc6.i386.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
- RedHat Fedora xen-libs-3.0.3-8.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
Red Hat Fedora Core5
- RedHat Fedora xen-3.0.3-5.fc5.i386.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora xen-3.0.3-5.fc5.x86_64.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora xen-debuginfo-3.0.3-5.fc5.i386.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora xen-debuginfo-3.0.3-5.fc5.x86_64.rpm
  Fedora Core 5
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
- RedHat Fedora xen-debuginfo-3.0.3-8.fc6.x86_64.rpm
  Fedora Core 6
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
References
References:
- Red Hat Homepage (Red Hat)
- RHSA-2007:0114-5 Important: xen security update (Redhat)