Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 246068 (CVE-2008-4993) - app-emulation/xen<=3.3.0 symlink attack (CVE-2008-4993)
Summary: app-emulation/xen<=3.3.0 symlink attack (CVE-2008-4993)
Status: RESOLVED DUPLICATE of bug 235805
Alias: CVE-2008-4993
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: B3 [upstream]
Keywords:
Depends on:
Blocks: debian-tempfile
  Show dependency tree
 
Reported: 2008-11-08 14:04 UTC by Stefan Behte (RETIRED)
Modified: 2008-11-08 14:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-08 14:04:57 UTC 
CVE-2008-4993 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4993):
  qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary
  files via a symlink attack on the /tmp/args temporary file.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-08 14:10:31 UTC 
I accidently search for qemu, not xen (because of the script's name) and didn't see #235805 first. Sorry!

*** This bug has been marked as a duplicate of bug 235805 ***