>> Xen "xenbaked" and "xenmon" Insecure Temporary File Handling Issue
Title : Xen "xenbaked" and "xenmon" Insecure Temporary File Handling Issue VUPEN ID : VUPEN/ADV-2007-3621 CVE ID : CVE-2007-3919
Rated as : Low Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2007-10-25
Technical Description
A vulnerability has been identified in Xen, which could be exploited by local attackers to bypass security restrictions. This issue is caused by an error in the "xenbaked" daemon and "xenmon" utility when handling the temporary file "/tmp/xenq-shm", which could allow malicious users to conduct symlink attacks and truncate arbitrary files with the privileges of the user invoking the vulnerable application.
