A vulnerability has been identified in Xen, which could be exploited by malicious users to disclose sensitive information. This issue is due to an error within the VNC server code in QEMU when monitor mode is enabled, which could be exploited by an attacker who has access to the VNC server to read arbitrary files on the underlying operating system with root privileges.
Xen versions 3.x
The FrSIRT is not aware of any official supplied patch for this issue.
Vulnerability reported by Redhat
2007-03-20 : Initial release
Receive up-to-the-minute alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available. Subscribe to FrSIRT VNS.
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to firstname.lastname@example.org.
Information came from FrSIRT.