>> Xen "xenbaked" and "xenmon" Insecure Temporary File Handling Issue
Title : Xen "xenbaked" and "xenmon" Insecure Temporary File Handling Issue VUPEN ID : VUPEN/ADV-2007-3621 CVE ID : CVE-2007-3919
Rated as : Low Risk
Remotely Exploitable : No Locally Exploitable : Yes Release Date : 2007-10-25
Technical Description
A vulnerability has been identified in Xen, which could be exploited by local attackers to bypass security restrictions. This issue is caused by an error in the "xenbaked" daemon and "xenmon" utility when handling the temporary file "/tmp/xenq-shm", which could allow malicious users to conduct symlink attacks and truncate arbitrary files with the privileges of the user invoking the vulnerable application.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
