Vulnerability CVE-2007-3919

Vulnerability Name:

CVE-2007-3919 (CCN-37403)

Assigned:

2007-10-23

Published:

2007-10-23

Updated:

2017-09-29

Summary:

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:L/AC:M/Au:S/C:N/I:C/A:C)
5.2 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:S/C:N/I:C/A:C/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Complete Availibility (A): Complete

3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-59
CWE-377

Vulnerability Consequences:

File Manipulation

References:

Source: CCN
Type: Debian Bug report logs - #447795
xen-utils-3.0.3-1: [CVE-2007-3919] xenmon.py / xenbaked insecure file accesss

Source: MISC
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795

Source: MITRE
Type: CNA
CVE-2007-3919

Source: OSVDB
Type: UNKNOWN
41342

Source: OSVDB
Type: UNKNOWN
41343

Source: CCN
Type: RHSA-2008-0194
Important: xen security and bug fix update

Source: CCN
Type: SA27389
Xen "xenbaked" Insecure Temporary Files

Source: SECUNIA
Type: Vendor Advisory
27389

Source: SECUNIA
Type: Vendor Advisory
27408

Source: SECUNIA
Type: UNKNOWN
27486

Source: SECUNIA
Type: Vendor Advisory
27497

Source: SECUNIA
Type: UNKNOWN
29963

Source: CCN
Type: SECTRACK ID: 1018859
Xen Insecure Temporary File Lets Local Users Truncate Files

Source: DEBIAN
Type: UNKNOWN
DSA-1395

Source: DEBIAN
Type: DSA-1395
xen-utils -- insecure temporary files

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2007:203

Source: CCN
Type: OSVDB ID: 41342
Xen xenbaked /tmp/xenq-shm Symlink Arbitrary File Truncation

Source: CCN
Type: OSVDB ID: 41343
Xen xenmon.py /tmp/xenq-shm Symlink Arbitrary File Truncation

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0194

Source: BID
Type: UNKNOWN
26190

Source: CCN
Type: BID-26190
Xen 'xenmon.py' and 'xenbaked' Insecure Temporary File Creation Vulnerability

Source: SECTRACK
Type: UNKNOWN
1018859

Source: VUPEN
Type: UNKNOWN
ADV-2007-3621

Source: CCN
Type: Xen Web site
Xen

Source: XF
Type: UNKNOWN
xen-xenqshm-symlink(37403)

Source: XF
Type: UNKNOWN
xen-xenqshm-symlink(37403)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9913

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-2708

Source: FEDORA
Type: UNKNOWN
FEDORA-2007-737

Vulnerable Configuration:

Configuration 1:

cpe:/o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:arm:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:mips:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:s390:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*

AND

cpe:/a:xensource_inc:xen:3.0.3_0_1:*:*:*:*:*:*:*

OR cpe:/a:xensource_inc:xen:3.0.3_0_3:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:rhel_virtualization:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:rhel_virtualization:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:rhel_virtualization:5::server:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20073919	V	CVE-2007-3919	2022-06-30
oval:org.opensuse.security:def:113591	P	xen-4.15.1_01-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:26218	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:42250	P	Security update for openssh (Important)	2021-12-22
oval:org.opensuse.security:def:26185	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:32240	P	Security update for the Linux Kernel (Live Patch 41 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:31311	P	Security update for java-1_8_0-openjdk (Important)	2021-11-23
oval:org.opensuse.security:def:31310	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:26169	P	Security update for postgresql, postgresql13, postgresql14 (Important)	2021-11-20
oval:org.opensuse.security:def:26161	P	Security update for samba (Important)	2021-11-10
oval:org.opensuse.security:def:26143	P	Security update for curl (Moderate)	2021-10-11
oval:org.opensuse.security:def:106977	P	xen-4.15.1_01-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:32191	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-09-23
oval:org.opensuse.security:def:26132	P	Security update for MozillaFirefox (Important)	2021-09-22
oval:org.opensuse.security:def:26131	P	Security update for xen (Moderate)	2021-09-21
oval:org.opensuse.security:def:26125	P	Security update for grilo (Important)	2021-09-09
oval:org.opensuse.security:def:31677	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:32983	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:32160	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:26080	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:32130	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:31205	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-06-18
oval:org.opensuse.security:def:26072	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:42734	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36327	P	xen-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36582	P	xen-devel-4.4.2_08-1.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32103	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-06-04
oval:org.opensuse.security:def:31620	P	Security update for the Linux Kernel (Important)	2021-05-18
oval:org.opensuse.security:def:32086	P	Security update for java-1_7_0-openjdk (Moderate)	2021-04-29
oval:org.opensuse.security:def:31611	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:32064	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:42058	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:32279	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-03-17
oval:org.opensuse.security:def:31743	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:26207	P	Security update for openssl-1_1 (Moderate)	2021-03-09
oval:org.opensuse.security:def:31729	P	Security update for screen (Important)	2021-02-17
oval:org.opensuse.security:def:31337	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:31322	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:32247	P	Security update for the Linux Kernel (Live Patch 33 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:33022	P	Security update for python3 (Important)	2021-02-08
oval:org.opensuse.security:def:26111	P	Security update for cups (Moderate)	2021-02-02
oval:org.opensuse.security:def:32135	P	Security update for postgresql, postgresql12, postgresql13 (Important)	2021-01-26
oval:org.opensuse.security:def:26034	P	Security update for openldap2 (Moderate)	2021-01-14
oval:org.opensuse.security:def:32011	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:35843	P	xen-4.1.2_14-0.5.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25970	P	Security update for gdm (Important)	2020-12-03
oval:org.opensuse.security:def:36059	P	xen-4.2.2_04-0.7.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:42466	P	xen-4.2.2_04-0.7.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35651	P	xen-4.0.0_21091_04-0.2.6 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:25893	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:26608	P	libxml2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33290	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31793	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26335	P	security update for go (Low)	2020-12-01
oval:org.opensuse.security:def:25779	P	Security update for the SUSE Linux Enterprise 12 kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31873	P	Security update for cvs (Moderate)	2020-12-01
oval:org.opensuse.security:def:26842	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25393	P	Security update for libqt5-qtbase (Important)	2020-12-01
oval:org.opensuse.security:def:31396	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:27290	P	shim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26473	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:25881	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31939	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25405	P	Security update for spice-gtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:26238	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32301	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25877	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:26708	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25934	P	Security update for the Linux kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32616	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31119	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:25597	P	Security update for squid (Critical)	2020-12-01
oval:org.opensuse.security:def:31764	P	Security update for MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:26326	P	Security update for MozillaThunderbird (Moderate)	2020-12-01
oval:org.opensuse.security:def:25952	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26810	P	pure-ftpd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26616	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31131	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25735	P	Security update for exiv2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31976	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:26384	P	Security update for chromium (Moderate)	2020-12-01
oval:org.opensuse.security:def:31526	P	Security update for rsyslog (Moderate)	2020-12-01
oval:org.opensuse.security:def:32403	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:26863	P	apache2-mod_jk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25203	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:27057	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25608	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26302	P	Security update for python-PyYAML (Moderate)	2020-12-01
oval:org.opensuse.security:def:32508	P	expat on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27545	P	python-imaging on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25278	P	Security update for mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:31486	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:25620	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:31835	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26506	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32569	P	libsoup-2_4-1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25487	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:32807	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25812	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31979	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:26594	P	libopensc2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33251	P	rsyslog on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25628	P	Security update for dpdk (Critical)	2020-12-01
oval:org.opensuse.security:def:31834	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:26807	P	perl-spamassassin on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25950	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:26652	P	xorg-x11 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:26416	P	Security update for nginx (Moderate)	2020-12-01
oval:org.opensuse.security:def:25832	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31895	P	Security update for MozillaFirefox, mozilla-nspr (Important)	2020-12-01
oval:org.opensuse.security:def:25394	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31528	P	Security update for ruby (Moderate)	2020-12-01
oval:org.opensuse.security:def:27325	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:31879	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:26557	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25920	P	Security update for gstreamer-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:32577	P	man on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25469	P	Security update for ncurses (Moderate)	2020-12-01
oval:org.opensuse.security:def:26287	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:32345	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:25888	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26761	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25978	P	Security update for tcpdump, libpcap (Moderate)	2020-12-01
oval:org.opensuse.security:def:31120	P	Security update for krb5	2020-12-01
oval:org.opensuse.security:def:25678	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:31920	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:26340	P	Recommended update for openjpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:31525	P	Security update for rsyslog	2020-12-01
oval:org.opensuse.security:def:26849	P	zoo on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26651	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25202	P	Security update for libgxps (Moderate)	2020-12-01
oval:org.opensuse.security:def:25819	P	Security update for python-tornado (Moderate)	2020-12-01
oval:org.opensuse.security:def:32025	P	Security update for kernel-source (Important)	2020-12-01
oval:org.opensuse.security:def:27022	P	qt3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31537	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:32459	P	Security update for xorg-x11-libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:26907	P	gnome-screensaver on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25214	P	Security update for transfig (Low)	2020-12-01
oval:org.opensuse.security:def:31429	P	Recommended update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26023	P	Security update for evince (Important)	2020-12-01
oval:org.opensuse.security:def:25609	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:26453	P	Security update for kauth (Moderate)	2020-12-01
oval:org.opensuse.security:def:32547	P	libapr-util1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27580	P	xen-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25406	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31573	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:32768	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25684	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:31892	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:26555	P	glib2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32613	P	wget on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25544	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31785	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.mitre.oval:def:18680	P	DSA-1395-1 xen-3.0 - insecure temporary files	2014-06-23
oval:org.mitre.oval:def:22720	P	ELSA-2008:0194: xen security and bug fix update (Important)	2014-05-26
oval:org.mitre.oval:def:9913	V	(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.	2013-04-29
oval:com.redhat.rhsa:def:20080194	P	RHSA-2008:0194: xen security and bug fix update (Important)	2008-05-13
oval:org.debian:def:1395	V	insecure temporary files	2007-10-25

BACK