Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 246068 (CVE-2008-4993)

Summary: app-emulation/xen<=3.3.0 symlink attack (CVE-2008-4993)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: xen
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4993
Whiteboard: B3 [upstream]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 235770    

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-08 14:04:57 UTC 
CVE-2008-4993 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4993):
  qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary
  files via a symlink attack on the /tmp/args temporary file.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-08 14:10:31 UTC 
I accidently search for qemu, not xen (because of the script's name) and didn't see #235805 first. Sorry!

*** This bug has been marked as a duplicate of bug 235805 ***