A vulnerability has been identified in Xen, which could be exploited by malicious users to disclose sensitive information. This issue is due to an error within the VNC server code in QEMU when monitor mode is enabled, which could be exploited by an attacker who has access to the VNC server to read arbitrary files on the underlying operating system with root privileges.
Affected Products
Xen versions 3.x
Solution
The FrSIRT is not aware of any official supplied patch for this issue.
References
http://www.frsirt.com/english/advisories/2007/1019
Credits
Vulnerability reported by Redhat
ChangeLog
2007-03-20 : Initial release
Vulnerability Management
Receive up-to-the-minute alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available. Subscribe to FrSIRT VNS.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
Information came from FrSIRT.