Bug 350421 (CVE-2007-3919)
Summary: | CVE-2007-3919 xen xenmon.py / xenbaked insecure temporary file access | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | berrange, kreilly, xen-maint |
Target Milestone: | --- | Keywords: | Reopened, Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | 3.1.0-8.fc7 | Doc Type: | Bug Fix |
Last Closed: | 2008-07-25 10:19:21 UTC | Type: | --- |
Bug Depends On: | 361981, 361991, 362001, 362011, 387161, 387171 | ||
Description
Tomas Hoger
2007-10-24 12:47:17 UTC
The Red Hat Security Response Team has rated this issue as having low security impact. It can only be exploited by an attacker with access to Dom0. Such access should be restricted to trusted Xen host administrators. Moreover, those tools have very limited user base.

xen-3.1.0-8.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

This issue was addressed in:

Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0194.html