CVE-2007-4993 - OpenCVE

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Xensource Inc	Xen

Configuration 1 [-]

cpe:2.3:a:xensource_inc:xen:3.0.3:*:*:*:*:*:*:*

References

Link	Resource
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068
http://secunia.com/advisories/26986	Vendor Advisory
http://secunia.com/advisories/27047
http://secunia.com/advisories/27072
http://secunia.com/advisories/27085
http://secunia.com/advisories/27103
http://secunia.com/advisories/27141
http://secunia.com/advisories/27161
http://secunia.com/advisories/27486
http://www.debian.org/security/2007/dsa-1384
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
http://www.redhat.com/support/errata/RHSA-2007-0323.html
http://www.securityfocus.com/archive/1/481825/100/0/threaded
http://www.securityfocus.com/bid/25825
http://www.ubuntu.com/usn/usn-527-1
http://www.vupen.com/english/advisories/2007/3348
https://issues.rpath.com/browse/RPL-1752
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2007-09-27T17:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-09-20T00:00:00

Link: CVE-2007-4993

JSON object: View

NVD Information

Status : Modified

Published: 2007-09-27T17:17:00.000

Modified: 2018-10-15T21:39:33.237

Link: CVE-2007-4993

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "MDKSA-2007:203", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1752"}, {"name": "FEDORA-2007-2270", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"}, {"name": "27047", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27047"}, {"name": "26986", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26986"}, {"name": "27486", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27486"}, {"name": "27085", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27085"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068"}, {"name": "27141", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27141"}, {"name": "FEDORA-2007-2708", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"}, {"name": "27103", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27103"}, {"name": "20071008 rPSA-2007-0210-1 xen", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/481825/100/0/threaded"}, {"name": "RHSA-2007:0323", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"}, {"name": "27161", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27161"}, {"name": "25825", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25825"}, {"name": "27072", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27072"}, {"name": "oval:org.mitre.oval:def:11240", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240"}, {"name": "FEDORA-2007-713", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"}, {"name": "USN-527-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-527-1"}, {"name": "DSA-1384", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2007/dsa-1384"}, {"name": "ADV-2007-3348", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3348"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2007-4993", "datePublished": "2007-09-27T17:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xensource_inc:xen:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "2F147FAC-C7E1-423E-BE47-A6BFA0E12066", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements."}, {"lang": "es", "value": "pygrub (tools/pygrub/src/GrubConf.py) en Xen 3.0.3, en el arranque de un dominio invitado, permite a usuarios locales con privilegios elevados en el dominio invitado ejecutar comandos de su elecci\u00f3n en el dominio 0 mediante un fichero grub.conf manipulado artesanalmente cuyo contenido es utilizado en sentencias exec."}], "id": "CVE-2007-4993", "lastModified": "2018-10-15T21:39:33.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-27T17:17:00.000", "references": [{"source": "secalert@redhat.com", "url": "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26986"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27047"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27072"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27085"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27103"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27141"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27161"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/27486"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2007/dsa-1384"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:203"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2007-0323.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/481825/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/25825"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-527-1"}, {"source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2007/3348"}, {"source": "secalert@redhat.com", "url": "https://issues.rpath.com/browse/RPL-1752"}, {"source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11240"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00030.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00082.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}