CVE - CVE-2007-4993

CVE-ID
CVE-2007-4993	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:20071008 rPSA-2007-0210-1 xen URL:http://www.securityfocus.com/archive/1/481825/100/0/threaded MISC:25825 URL:http://www.securityfocus.com/bid/25825 MISC:26986 URL:http://secunia.com/advisories/26986 MISC:27047 URL:http://secunia.com/advisories/27047 MISC:27072 URL:http://secunia.com/advisories/27072 MISC:27085 URL:http://secunia.com/advisories/27085 MISC:27103 URL:http://secunia.com/advisories/27103 MISC:27141 URL:http://secunia.com/advisories/27141 MISC:27161 URL:http://secunia.com/advisories/27161 MISC:27486 URL:http://secunia.com/advisories/27486 MISC:ADV-2007-3348 URL:~~http://www.vupen.com/english/advisories/2007/3348~~ (Obsolete source) MISC:DSA-1384 URL:http://www.debian.org/security/2007/dsa-1384 MISC:FEDORA-2007-2270 URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html MISC:FEDORA-2007-2708 URL:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html MISC:FEDORA-2007-713 URL:https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html MISC:MDKSA-2007:203 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2007:203~~ (Obsolete source) MISC:RHSA-2007:0323 URL:http://www.redhat.com/support/errata/RHSA-2007-0323.html MISC:USN-527-1 URL:http://www.ubuntu.com/usn/usn-527-1 MISC:http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 URL:http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 MISC:https://issues.rpath.com/browse/RPL-1752 URL:https://issues.rpath.com/browse/RPL-1752 MISC:oval:org.mitre.oval:def:11240 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240
Assigning CNA
Red Hat, Inc.
Date Record Created
20070920	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070920)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)

Use of the CVE® List and the associated references from this website are subject to the terms of use. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 1999–2024, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation.