Vulnerabilites related to xen - qemu
Vulnerability from fkie_nvd
Published
2007-03-20 10:19
Modified
2024-11-21 00:27
Severity ?
Summary
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
redhat | enterprise_linux | 5.0 | |
redhat | enterprise_linux | 5.0 | |
redhat | enterprise_linux | 5.0 | |
redhat | enterprise_linux | 5.0 | |
redhat | fedora_core | core_5.0 | |
redhat | fedora_core | core6 | |
xen | qemu | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop:*:*:*:*:*", matchCriteriaId: "FE524195-06F1-4504-9223-07596588CC70", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:desktop_multiple_os:*:*:*:*:*", matchCriteriaId: "AB55CA0F-06FB-4CED-BB2F-AB99C32062CF", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:server:*:*:*:*:*", matchCriteriaId: "40D71CBC-D365-4710-BAB5-8A1159F35E41", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:virtualization:*:*:*:*:*", matchCriteriaId: "37E17F28-76A9-4F73-8F58-35390BDCE6EE", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core_5.0:*:*:*:*:*:*:*", matchCriteriaId: "DA3B94B6-A5E4-4432-802E-BFAD7F3B5B4C", vulnerable: false, }, { criteria: "cpe:2.3:o:redhat:fedora_core:core6:*:*:*:*:*:*:*", matchCriteriaId: "E007512B-2A01-4915-82D1-EDDEE8ED3190", vulnerable: false, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:xen:qemu:*:*:*:*:*:*:*:*", matchCriteriaId: "1AC03235-6F95-414A-8C93-5215E801676E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "La implementación del servidor VNC en QEMU, como es usada por Xen y posiblemente otros entornos, permite a usuarios locales de un sistema operativo invitado leer archivos arbitrarios en el sistema operativo host por medio de vectores no especificados relacionados con el modo de monitoreo de QEMU, como es demostrado al mapear archivos hacia un dispositivo CDROM. NOTA: algunos de estos detalles son obtenidos a partir de información de terceros.", }, ], id: "CVE-2007-0998", lastModified: "2024-11-21T00:27:15.167", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-03-20T10:19:00.000", references: [ { source: "secalert@redhat.com", url: "http://fedoranews.org/cms/node/2802", }, { source: "secalert@redhat.com", url: "http://fedoranews.org/cms/node/2803", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html", }, { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", }, { source: "secalert@redhat.com", url: "http://osvdb.org/34304", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://rhn.redhat.com/errata/RHSA-2007-0114.html", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24575", }, { source: "secalert@redhat.com", url: "http://secunia.com/advisories/51413", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/22967", }, { source: "secalert@redhat.com", url: "http://www.securitytracker.com/id?1017764", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1019", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1020", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1021", }, { source: "secalert@redhat.com", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33085", }, { source: "secalert@redhat.com", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://fedoranews.org/cms/node/2802", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://fedoranews.org/cms/node/2803", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/34304", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://rhn.redhat.com/errata/RHSA-2007-0114.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/24575", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/51413", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/22967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1017764", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1019", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1020", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/1021", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33085", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2007-0998
Vulnerability from cvelistv5
Published
2007-03-20 10:00
Modified
2024-08-07 12:43
Severity ?
EPSS score ?
Summary
The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:43:21.585Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "fedora-xen-qemuvnc-information-disclosure(33085)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33085", }, { name: "51413", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/51413", }, { name: "22967", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/22967", }, { name: "ADV-2007-1021", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1021", }, { name: "ADV-2007-1019", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1019", }, { name: "RHSA-2007:0114", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2007-0114.html", }, { name: "34304", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/34304", }, { name: "ADV-2007-1020", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/1020", }, { name: "oval:org.mitre.oval:def:10486", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486", }, { name: "openSUSE-SU-2012:1572", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html", }, { name: "FEDORA-2007-344", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://fedoranews.org/cms/node/2802", }, { name: "SUSE-SU-2014:0446", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", }, { name: "FEDORA-2007-343", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://fedoranews.org/cms/node/2803", }, { name: "24575", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/24575", }, { name: "1017764", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1017764", }, { name: "openSUSE-SU-2012:1573", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-03-14T00:00:00", descriptions: [ { lang: "en", value: "The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "fedora-xen-qemuvnc-information-disclosure(33085)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33085", }, { name: "51413", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/51413", }, { name: "22967", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/22967", }, { name: "ADV-2007-1021", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1021", }, { name: "ADV-2007-1019", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1019", }, { name: "RHSA-2007:0114", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2007-0114.html", }, { name: "34304", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/34304", }, { name: "ADV-2007-1020", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/1020", }, { name: "oval:org.mitre.oval:def:10486", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486", }, { name: "openSUSE-SU-2012:1572", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html", }, { name: "FEDORA-2007-344", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://fedoranews.org/cms/node/2802", }, { name: "SUSE-SU-2014:0446", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", }, { name: "FEDORA-2007-343", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://fedoranews.org/cms/node/2803", }, { name: "24575", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/24575", }, { name: "1017764", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1017764", }, { name: "openSUSE-SU-2012:1573", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2007-0998", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "fedora-xen-qemuvnc-information-disclosure(33085)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/33085", }, { name: "51413", refsource: "SECUNIA", url: "http://secunia.com/advisories/51413", }, { name: "22967", refsource: "BID", url: "http://www.securityfocus.com/bid/22967", }, { name: "ADV-2007-1021", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1021", }, { name: "ADV-2007-1019", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1019", }, { name: "RHSA-2007:0114", refsource: "REDHAT", url: "http://rhn.redhat.com/errata/RHSA-2007-0114.html", }, { name: "34304", refsource: "OSVDB", url: "http://osvdb.org/34304", }, { name: "ADV-2007-1020", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/1020", }, { name: "oval:org.mitre.oval:def:10486", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486", }, { name: "openSUSE-SU-2012:1572", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html", }, { name: "FEDORA-2007-344", refsource: "FEDORA", url: "http://fedoranews.org/cms/node/2802", }, { name: "SUSE-SU-2014:0446", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html", }, { name: "FEDORA-2007-343", refsource: "FEDORA", url: "http://fedoranews.org/cms/node/2803", }, { name: "24575", refsource: "SECUNIA", url: "http://secunia.com/advisories/24575", }, { name: "1017764", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1017764", }, { name: "openSUSE-SU-2012:1573", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2007-0998", datePublished: "2007-03-20T10:00:00", dateReserved: "2007-02-16T00:00:00", dateUpdated: "2024-08-07T12:43:21.585Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }