CVE-2007-0998

NameCVE-2007-0998
DescriptionThe VNC server implementation in QEMU, as used by Xen and possibly other environments, allows local users of a guest operating system to read arbitrary files on the host operating system via unspecified vectors related to QEMU monitor mode, as demonstrated by mapping files to a CDROM device. NOTE: some of these details are obtained from third party information.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs436250

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xen-3.0sourceetch(unfixed)
xen-3.0source(unstable)(unfixed)medium436250

Notes

Fedora disabled the VNC access to the Qemu monitor
An adjusted patch has been sent to the debian bugreport

Search for package or bug name: Reporting problems