Test ID: | 1.3.6.1.4.1.25623.1.0.59499 |
Category: | Fedora Local Security Checks |
Title: | Fedora Core 6 FEDORA-2007-343 (xen) |
Summary: | NOSUMMARY |
Description: | The remote host is missing an update to xen announced via advisory FEDORA-2007-343.

This package contains the Xen hypervisor and Xen tools, needed to run virtual machines on x86 systems, together with the kernel-xen* packages. Information on how to use Xen can be found at the Xen project pages. Virtualisation can be used to run multiple versions or multiple Linux distributions on one system, or to test untrusted applications in a sandboxed environment.

Update Information:

A flaw was found affecting the VNC server code in QEMU. On a fully virtualized guest VM, where qemu monitor mode is enabled, a user who had access to the VNC server could gain the ability to read arbitrary files as root in the host filesystem. (CVE-2007-0998)

* Wed Mar 14 2007 Daniel P. Berrange - 3.0.3-8.fc6
- Disable access to QEMU monitor over VNC (CVE-2007-0998, bz 230295)
* Tue Mar 6 2007 Daniel P. Berrange - 3.0.3-7.fc6
- Ensure PVFB daemon terminates if domain doesn't startup (bz 230634)
- Fix ia64 shadow page table mode
- Close QEMU file handles when running network script

Solution: Apply the appropriate updates.

This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.

http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2007-343

Risk factor : Medium
CVSS Score: 4.3 |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-0998
BugTraq ID: 22967
http://www.securityfocus.com/bid/22967
http://fedoranews.org/cms/node/2803
http://fedoranews.org/cms/node/2802
http://osvdb.org/34304
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10486
RedHat Security Advisories: RHSA-2007:0114
http://rhn.redhat.com/errata/RHSA-2007-0114.html
http://www.securitytracker.com/id?1017764
http://secunia.com/advisories/24575
http://secunia.com/advisories/51413
SuSE Security Announcement: SUSE-SU-2014:0446
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
SuSE Security Announcement: openSUSE-SU-2012:1572
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
SuSE Security Announcement: openSUSE-SU-2012:1573
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
http://www.vupen.com/english/advisories/2007/1019
http://www.vupen.com/english/advisories/2007/1020
http://www.vupen.com/english/advisories/2007/1021
XForce ISS Database: fedora-xen-qemuvnc-information-disclosure(33085)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33085 |
Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |