CVE-2007-4993
published 2007-09-27CVE-2007-4993: pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute…
PriorityP429medium6.9CVSS 2.0
AVLACMAuNCCICAC
EXPLOIT
EPSS
0.63%
45.7th percentile
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xensource_inc | xen | — | — |
CVSS provenance
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat6.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
xen-3.0 vulnerability
vendor_ubuntu·2007-10-05
CVE-2007-4993 xen-3.0 vulnerability
Title: xen-3.0 vulnerability
Summary: xen-3.0 vulnerability
Joris van Rantwijk discovered that the Xen host did not correctly validate
the contents of a Xen guests's grug.conf file. Xen guest root users could
exploit this to run arbitrary commands on the host when the guest system
was rebooted.
Instructions: In general, a standard system upgrade is sufficient to effect the
necessary changes.
Red Hat
xen guest root can escape to domain 0 through pygrub
vendor_redhat·2007-09-22·CVSS 6.9
CVE-2007-4993 [MEDIUM] xen guest root can escape to domain 0 through pygrub
xen guest root can escape to domain 0 through pygrub
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
GHSA
GHSA-43w7-6v4p-jxc3: pygrub (tools/pygrub/src/GrubConf
ghsa_unreviewed·2022-05-01
CVE-2007-4993 [MEDIUM] CWE-20 GHSA-43w7-6v4p-jxc3: pygrub (tools/pygrub/src/GrubConf
pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.
No detection rules found.
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068http://secunia.com/advisories/26986http://secunia.com/advisories/27047http://secunia.com/advisories/27072http://secunia.com/advisories/27085http://secunia.com/advisories/27103http://secunia.com/advisories/27141http://secunia.com/advisories/27161http://secunia.com/advisories/27486http://www.debian.org/security/2007/dsa-1384http://www.mandriva.com/security/advisories?name=MDKSA-2007:203http://www.redhat.com/support/errata/RHSA-2007-0323.htmlhttp://www.securityfocus.com/archive/1/481825/100/0/threadedhttp://www.securityfocus.com/bid/25825http://www.ubuntu.com/usn/usn-527-1http://www.vupen.com/english/advisories/2007/3348https://issues.rpath.com/browse/RPL-1752https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.htmlhttp://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068http://secunia.com/advisories/26986http://secunia.com/advisories/27047http://secunia.com/advisories/27072http://secunia.com/advisories/27085http://secunia.com/advisories/27103http://secunia.com/advisories/27141http://secunia.com/advisories/27161http://secunia.com/advisories/27486http://www.debian.org/security/2007/dsa-1384http://www.mandriva.com/security/advisories?name=MDKSA-2007:203http://www.redhat.com/support/errata/RHSA-2007-0323.htmlhttp://www.securityfocus.com/archive/1/481825/100/0/threadedhttp://www.securityfocus.com/bid/25825http://www.ubuntu.com/usn/usn-527-1http://www.vupen.com/english/advisories/2007/3348https://issues.rpath.com/browse/RPL-1752https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.htmlhttps://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html
2007-09-27
Published