Article
RSS
Xen VNC Server QEMU Monitor Mode Security Bypass and File Disclosure Vulnerability

A vulnerability has been identified in Xen, which could be exploited by malicious users to disclose sensitive information. This issue is due to an error within the VNC server code in QEMU when monitor mode is enabled, which could be exploited by an attacker who has access to the VNC server to read arbitrary files on the underlying operating system with root privileges.

Affected Products

Xen versions 3.x

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/1019

Credits

Vulnerability reported by Redhat

ChangeLog

2007-03-20 : Initial release

Vulnerability Management

Receive up-to-the-minute alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available. Subscribe to FrSIRT VNS.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Information came from FrSIRT.

Published Saturday, March 24, 2007 8:10 PM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<March 2007>
SuMoTuWeThFrSa
25262728123
45678910
11121314151617
18192021222324
25262728293031
1234567