CVE-2007-3919
published 2007-10-28
CVE-2007-3919: (1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
Priority: P4 · 16 · medium · 6 · CVSS 2.0
AV:L/AC:M/Au:S/C:N/I:C/A:C
EPSS: 0.33% (25.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xensource_inc | xen | — | — |
| xensource_inc | xen | — | — |
CVSS provenance
nvd · v2.0 · 6.0 MEDIUM · AV:L/AC:M/Au:S/C:N/I:C/A:C
vendor_redhat · 6.0 MEDIUM
GHSA
GHSA-cf5w-7gqx-4gh9: (1) xenbaked and (2) xenmon
ghsa_unreviewed·2022-05-01
CVE-2007-3919 [MEDIUM] CWE-59 GHSA-cf5w-7gqx-4gh9: (1) xenbaked and (2) xenmon
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
Red Hat
xen xenmon.py / xenbaked insecure temporary file access
vendor_redhat·2007-10-23·CVSS 6.0
CVE-2007-3919 [MEDIUM] CWE-377 xen xenmon.py / xenbaked insecure temporary file access
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
Statement: The Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access [Fdevel]
bugzilla·2007-11-01·CVSS 6.0
CVE-2007-3919 [MEDIUM] CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access [Fdevel]
Fdevel tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fixed in
* Fri Oct 26 2007 Daniel P. Berrange - 3.1.0-13.fc9
- Fixed xenbaked tmpfile flaw (CVE-2007-3919)
$ koji latest-pkg dist-f9 xen
Build Tag Built by
---------------------------------------- -------------------- ----------------
xen-3.1.0-13.fc9 dist-f9 berrange
Bugzilla
CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access [F8]
bugzilla·2007-11-01·CVSS 6.0
CVE-2007-3919 [MEDIUM] CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access [F8]
F8 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Already fixed
* Fri Oct 26 2007 Daniel P. Berrange - 3.1.0-13.fc9
- Fixed xenbaked tmpfile flaw (CVE-2007-3919)
---
Oops, wrong changelog. I meant
* Fri Oct 26 2007 Daniel P. Berrange - 3.1.0-13.fc8
- Fixed xenbaked tmpfile flaw (CVE-2007-3919)
$ koji latest-pkg dist-f8 xen
Build Tag Built by
---------------------------------------- -------------------- ----------------
xen-3.1.0-13.fc8 dist-f8 berrange
Bugzilla
CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access [F7]
bugzilla·2007-11-01·CVSS 6.0
CVE-2007-3919 [MEDIUM] CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access [F7]
F7 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fix is built & pending an update
* Fri Oct 26 2007 Daniel P. Berrange - 3.1.0-8.fc7
- Fixed xenbaked tmpfile flaw (CVE-2007-3919)
$ koji latest-pkg dist-fc7-updates-candidate xen
Build Tag Built by
---------------------------------------- -------------------- ----------------
xen-3.1.0-8.fc7 dist-fc7-updates-candidate berrange
---
Daniel: Thanks, I added a reference to the update request.
---
xen-3.1.0-8.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Bugzilla
CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access [FC6]
bugzilla·2007-11-01·CVSS 6.0
CVE-2007-3919 [MEDIUM] CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access [FC6]
FC6 tracking bug: see blocks bug list for full details of the security issue(s).
[bug automatically created by: add-tracking-bugs]
Discussion:
Fix is built & pending an update
* Fri Oct 26 2007 Daniel P. Berrange - 3.1.0-13.fc6
- Fixed xenbaked tmpfile flaw (CVE-2007-3919)
$ brew latest-pkg dist-fc6-updates-candidate xen
Build Tag Built by
---------------------------------------- -------------------- ----------------
xen-3.0.3-13.fc6 dist-fc6-updates-candidate berrange
---
Please correct the references in the update to reference this bug and the parent
bug. Thanks!
Bugzilla
CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access
bugzilla·2007-10-24·CVSS 6.0
CVE-2007-3919 [MEDIUM] CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access
Steve Kemp reported the following problem affecting the xenmon tools shipped with xen:
The xenbaked daemon and xenmon utility communicate via a mmap'ed
shared file. Since this file is located in /tmp, unprivileged users
can cause arbitrary files to be truncated by creating a symlink from
the well-known /tmp filename to e.g., /etc/passwd.
The fix is to place the shared file in a directory to which only root
should have access (in this case /var/run/).
Fix has already been committed in upstream repository:
http://xenbits.xensource.com/xen-unstable.hg?rev/b28ae5f00553
Debian bug opened by Steve:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795
Discussion:
The Red Hat Security Response Team has rated this issue as hav
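The flaw and fix described in the report above, as an added example that is not code from Xen or from the bug report: it contrasts creating a predictable shared file with truncation against a hardened open that requires a private directory. The function names, the throwaway directories and the victim file are constructed for illustration, and the `O_EXCL | O_NOFOLLOW` flags are an extra safeguard beyond the directory move the report describes.

```python
import os
import tempfile
from pathlib import Path

SHM_NAME = "xenq-shm"  # file name from the advisory; all directories below are constructed


def open_shared_unsafe(directory):
    """Vulnerable pattern: create/truncate a predictable name, following symlinks."""
    path = os.path.join(directory, SHM_NAME)
    return os.open(path, os.O_CREAT | os.O_TRUNC | os.O_RDWR, 0o600)


def open_shared_safe(directory):
    """Hardened: require a private directory and never open through a link."""
    st = os.stat(directory)
    if st.st_uid != os.geteuid() or st.st_mode & 0o022:
        raise PermissionError(f"{directory} can be written by other users")
    path = os.path.join(directory, SHM_NAME)
    try:
        os.unlink(path)  # drops a stale entry; unlink removes a link, not its target
    except FileNotFoundError:
        pass
    return os.open(path, os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW | os.O_RDWR, 0o600)


def demo():
    """Run both patterns against a pre-existing link inside throwaway directories."""
    result = {"safe_rejects_shared_dir": False}
    with tempfile.TemporaryDirectory() as shared, tempfile.TemporaryDirectory() as private:
        victim = Path(shared) / "victim.txt"
        victim.write_text("important data\n")
        os.symlink(victim, os.path.join(shared, SHM_NAME))
        os.close(open_shared_unsafe(shared))  # follows the link and truncates victim
        result["unsafe_truncated_victim"] = victim.stat().st_size == 0
        victim.write_text("important data\n")
        os.chmod(shared, 0o1777)  # same mode as /tmp
        try:
            os.close(open_shared_safe(shared))
        except PermissionError:
            result["safe_rejects_shared_dir"] = True
        os.symlink(victim, os.path.join(private, SHM_NAME))
        os.close(open_shared_safe(private))  # link is replaced by a fresh regular file
        result["safe_kept_victim"] = victim.stat().st_size > 0
        return result


if __name__ == "__main__":
    print(demo())
```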
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795
http://osvdb.org/41342
http://osvdb.org/41343
http://secunia.com/advisories/27389
http://secunia.com/advisories/27408
http://secunia.com/advisories/27486
http://secunia.com/advisories/27497
http://secunia.com/advisories/29963
http://www.debian.org/security/2007/dsa-1395
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
http://www.redhat.com/support/errata/RHSA-2008-0194.html
http://www.securityfocus.com/bid/26190
http://www.securitytracker.com/id?1018859
http://www.vupen.com/english/advisories/2007/3621
https://exchange.xforce.ibmcloud.com/vulnerabilities/37403
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9913
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00075.html
2007-10-28
Published