Test ID:	1.3.6.1.4.1.25623.1.0.58643
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1384-1)
Summary:	The remote host is missing an update for the Debian 'xen-3.0' package(s) announced via the DSA-1384-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'xen-3.0' package(s) announced via the DSA-1384-1 advisory. Vulnerability Insight: Several local vulnerabilities have been discovered in the Xen hypervisor packages which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4993 By use of a specially crafted grub configuration file a domU user may be able to execute arbitrary code upon the dom0 when pygrub is being used. CVE-2007-1320 Multiple heap-based buffer overflows in the Cirrus VGA extension, provided by QEMU, may allow local users to execute arbitrary code via bitblt heap overflow. For the stable distribution (etch), these problems have been fixed in version 3.0.3-0-3. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your xen-utils package. Affected Software/OS: 'xen-3.0' package(s) on Debian 4. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1320 BugTraq ID: 23731 http://www.securityfocus.com/bid/23731 Debian Security Information: DSA-1284 (Google Search) http://www.debian.org/security/2007/dsa-1284 Debian Security Information: DSA-1384 (Google Search) http://www.debian.org/security/2007/dsa-1384 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00706.html https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00935.html http://www.mandriva.com/security/advisories?name=MDKSA-2007:203 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://taviso.decsystem.org/virtsec.pdf http://osvdb.org/35494 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10315 http://www.redhat.com/support/errata/RHSA-2007-0323.html http://secunia.com/advisories/25073 http://secunia.com/advisories/25095 http://secunia.com/advisories/27047 http://secunia.com/advisories/27085 http://secunia.com/advisories/27103 http://secunia.com/advisories/27486 http://secunia.com/advisories/29129 http://secunia.com/advisories/30413 http://secunia.com/advisories/33568 SuSE Security Announcement: SUSE-SR:2009:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://www.vupen.com/english/advisories/2007/1597 Common Vulnerability Exposure (CVE) ID: CVE-2007-4993 20071008 rPSA-2007-0210-1 xen http://www.securityfocus.com/archive/1/481825/100/0/threaded 25825 http://www.securityfocus.com/bid/25825 26986 http://secunia.com/advisories/26986 27047 27072 http://secunia.com/advisories/27072 27085 27103 27141 http://secunia.com/advisories/27141 27161 http://secunia.com/advisories/27161 27486 ADV-2007-3348 http://www.vupen.com/english/advisories/2007/3348 DSA-1384 FEDORA-2007-2270 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html FEDORA-2007-2708 https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html FEDORA-2007-713 MDKSA-2007:203 RHSA-2007:0323 USN-527-1 http://www.ubuntu.com/usn/usn-527-1 http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 https://issues.rpath.com/browse/RPL-1752 oval:org.mitre.oval:def:11240 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.