Test Kennung:	1.3.6.1.4.1.25623.1.0.58722
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDKSA-2007:203 (xen)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to xen announced via advisory MDKSA-2007:203. Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1320). Tavis Ormandy also discovered insufficient input validation leading to a heap overflow in the NE2000 network driver in Xen. If the driver is in use, a malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain (CVE-2007-1321, CVE-2007-5729, CVE-2007-5730). Steve Kemp found that xen-utils used insecure temporary files within the xenmon tool that could allow local users to truncate arbitrary files (CVE-2007-3919). Joris van Rantwijk discovered a flaw in Pygrub, which is used as a boot loader for guest domains. A malicious local administrator of a guest domain could create a carefully-crafted grub.conf file which could trigger the execution of arbitrary code outside of that domain (CVE-2007-4993). Updated packages have been patched to prevent these issues. Affected: 2007.0, 2007.1, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:203 Risk factor : High CVSS Score: 7.2
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1320 BugTraq ID: 23731 http://www.securityfocus.com/bid/23731 Debian Security Information: DSA-1284 (Google Search) http://www.debian.org/security/2007/dsa-1284 Debian Security Information: DSA-1384 (Google Search) http://www.debian.org/security/2007/dsa-1384 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://taviso.decsystem.org/virtsec.pdf http://osvdb.org/35494 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315 http://www.redhat.com/support/errata/RHSA-2007-0323.html http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27047 http://secunia.com/advisories/27085 http://secunia.com/advisories/27103 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://secunia.com/advisories/30413 http://secunia.com/advisories/33568 SuSE Security Announcement: SUSE-SR:2009:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://www.vupen.com/english/advisories/2007/1597 Common Vulnerability Exposure (CVE) ID: CVE-2007-1321 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html http://osvdb.org/35495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9302 http://securitytracker.com/id?1018761 http://secunia.com/advisories/27072 http://www.attrition.org/pipermail/vim/2007-October/001842.html Common Vulnerability Exposure (CVE) ID: CVE-2007-5729 http://osvdb.org/42986 XForce ISS Database: qemu-ne2000-code-execution(38238) https://exchange.xforce.ibmcloud.com/vulnerabilities/38238 Common Vulnerability Exposure (CVE) ID: CVE-2007-5730 http://osvdb.org/42985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://secunia.com/advisories/29963 XForce ISS Database: qemu-net-socket-bo(38239) https://exchange.xforce.ibmcloud.com/vulnerabilities/38239 Common Vulnerability Exposure (CVE) ID: CVE-2007-3919 BugTraq ID: 26190 http://www.securityfocus.com/bid/26190 Debian Security Information: DSA-1395 (Google Search) http://www.debian.org/security/2007/dsa-1395 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00075.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795 http://osvdb.org/41342 http://osvdb.org/41343 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9913 http://www.securitytracker.com/id?1018859 http://secunia.com/advisories/27389 http://secunia.com/advisories/27408 http://secunia.com/advisories/27497 http://www.vupen.com/english/advisories/2007/3621 XForce ISS Database: xen-xenqshm-symlink(37403) https://exchange.xforce.ibmcloud.com/vulnerabilities/37403 Common Vulnerability Exposure (CVE) ID: CVE-2007-4993 20071008 rPSA-2007-0210-1 xen http://www.securityfocus.com/archive/1/481825/100/0/threaded 25825 http://www.securityfocus.com/bid/25825 26986 http://secunia.com/advisories/26986 27047 27072 27085 27103 27141 http://secunia.com/advisories/27141 27161 http://secunia.com/advisories/27161 27486 ADV-2007-3348 http://www.vupen.com/english/advisories/2007/3348 DSA-1384 FEDORA-2007-2270 FEDORA-2007-2708 FEDORA-2007-713 MDKSA-2007:203 RHSA-2007:0323 USN-527-1 http://www.ubuntu.com/usn/usn-527-1 http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 https://issues.rpath.com/browse/RPL-1752 oval:org.mitre.oval:def:11240 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.