Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability
BID:26190
Info
Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 26190 |
| Class: | Design Error |
| CVE: |
CVE-2007-3919 |
| Remote: | No |
| Local: | Yes |
| Published: | Oct 23 2007 12:00AM |
| Updated: | May 13 2008 08:55PM |
| Credit: | Steve Kemp from Debian disclosed this vulnerability. |
| Vulnerable: |
XenSource Xen 3.0 Redhat Fedora Core7 Redhat Enterprise Linux Virtualization 5 Server Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop Multi OS 5 client Redhat Enterprise Linux 5 Server Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 4.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability
Xen is prone to a security vulnerability because it creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
This issue affects Xen 3.0; other versions may also be vulnerable.
Xen is prone to a security vulnerability because it creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symlink attacks, overwriting arbitrary files in the context of the affected application.
Successfully mounting a symlink attack may allow the attacker to overwrite or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible.
This issue affects Xen 3.0; other versions may also be vulnerable.
Exploit / POC
Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability
An attacker uses readily available commands to exploit the issue.
An attacker uses readily available commands to exploit the issue.
Solution / Fix
Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability
Solution:
Please see the referenced advisories for more information.
Solution:
Please see the referenced advisories for more information.
References
Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability
References:
References:
- Debian Bug report logs - #447795 (Debian)
- Xen Project Homepage (Xen Project)
- RHSA-2008:0194-20 xen security and bug fix update (Red Hat)