Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4993 to the following vulnerability:

qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496367
https://bugs.gentoo.org/show_bug.cgi?id=235805
http://dev.gentoo.org/~rbu/security/debiantemp/xen-utils-3.2-1
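The class of bug named in the CVE text, as an added shell example that is not taken from qemu-dm.debug or the Xen packages: a fixed file name in a shared directory compared with a file created by mktemp. The function names, the sandbox layout and the sample arguments are constructed for illustration, and the directory parameter stands in for /tmp.

```shell
#!/bin/sh
# Added illustration (constructed); not the contents of qemu-dm.debug.

# Unsafe pattern: fixed name in a shared directory. The '>' redirection follows
# a symlink that already exists at that path. $1 stands in for /tmp so the
# check below can run inside a private sandbox.
write_args_unsafe() {
    dir=$1; shift
    printf '%s\n' "$*" > "$dir/args"
}

# Hardened pattern: mktemp creates a fresh, owner-only file with an
# unpredictable name and fails rather than reuse an existing path.
write_args_safe() {
    dir=$1; shift
    out=$(mktemp "$dir/args.XXXXXX") || return 1
    printf '%s\n' "$*" > "$out"
    printf '%s\n' "$out"          # report the path that was actually written
}

# Sandbox check: returns 0 if the chosen writer left a pre-existing file
# untouched while "<dir>/args" was a symlink to it, 1 if it was overwritten.
protected_file_survives() {
    writer=$1
    sandbox=$(mktemp -d) || return 2
    mkdir "$sandbox/tmp" "$sandbox/other"
    echo "original" > "$sandbox/other/data"
    ln -s "$sandbox/other/data" "$sandbox/tmp/args"   # constructed pre-existing link
    "$writer" "$sandbox/tmp" -d 1 -domain-name test > /dev/null
    content=$(cat "$sandbox/other/data")
    rm -rf "$sandbox"
    [ "$content" = "original" ]
}
```

`protected_file_survives write_args_safe` succeeds, while the same check with `write_args_unsafe` fails because the write lands in the linked file.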
This debug script is shipped in the xen packages in Red Hat Enterprise Linux 5 and Fedora 8. As of Fedora 9, most of the tools are moved to a separate subpackage - xen-runtime - which does not ship the qemu-dm.debug script.
This seems to be quite a dummy debug script that is probably used by Xen developers. Can it possibly have any use on production deployments?
I killed it off in Fedora 9 because it is a waste of time shipping it - anyone can trivially create something similar & more suitable to their needs. So I vote for killing it off everywhere else too.
I do believe the errata was shipped for this a long time ago in all relevant packages, so I'm closing this tracking bug.

Chris Lalancette