CVE-2008-4405 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4405): libvirt 0.3.3 relies on files located under subdirectories of /local/domain in xenstore despite lack of protection against modification by Xen guest virtual machines, which allows guest OS users to have an unspecified impact, as demonstrated by writing to (1) the text console (console/tty) or (2) the VNC port for the graphical framebuffer.
The patch: http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70
Info: http://openwall.com/lists/oss-security/2008/09/30/6 and http://secunia.com/advisories/32064
The patch is incomplete, as noted here: http://thread.gmane.org/gmane.comp.security.oss.general/1344/
This incomplete patch has been assigned CVE-2008-5716.
*** Bug 252731 has been marked as a duplicate of this bug. ***
Can this be closed? The oldest version in the tree is 0.4.6.
Oldest version in the tree is now 0.6.3. Looking for some follow up from the security team since it's their bug.
Closing noglsa, as it never had a stable version.