FrSIRT - Fedora Security Update Fixes Xen Multiple Code Execution Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Xen Multiple Code Execution Vulnerabilities

Title : Fedora Security Update Fixes Xen Multiple Code Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-3401
CVE ID : CVE-2007-1320 - CVE-2007-1321 - CVE-2007-4993
Rated as : Moderate Risk

Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-10-09

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by malicious users to execute arbitrary code [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

484613b34cc8a413fe1b3572b848def93901e2ee SRPMS/xen-3.0.3-12.fc6.src.rpm
484613b34cc8a413fe1b3572b848def93901e2ee noarch/xen-3.0.3-12.fc6.src.rpm
ff66d2e5a02144749c5a7ee1eede9a79f1d42292 x86_64/xen-libs-3.0.3-12.fc6.x86_64.rpm
c2cf66a1fea52fafaba74f1e3f7270a16498ee0f x86_64/xen-devel-3.0.3-12.fc6.x86_64.rpm
0571bf8254866a0444e1f72a4885a9a020b70712 x86_64/debug/xen-debuginfo-3.0.3-12.fc6.x86_64.rpm
2f31b5236539b93cc21d8d9c327ec8c7ff70a661 x86_64/xen-3.0.3-12.fc6.x86_64.rpm
32b9d45323e7f20a698ecbdb1f592f091198448e i386/debug/xen-debuginfo-3.0.3-12.fc6.i386.rpm
36acff8e249a726970af02f449a5bd412ca0ccff i386/xen-3.0.3-12.fc6.i386.rpm
2c58be5ce5b7affc54bde794d9120aa64830e232 i386/xen-devel-3.0.3-12.fc6.i386.rpm
1e31c12dab0fdd018eb5ed93962ef7058e1e4f30 i386/xen-libs-3.0.3-12.fc6.i386.rpm

ChangeLog

2007-10-09 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability
	Cisco Products Remote DNS Cache Poisoning Vulnerability
	Cisco Wide Area Application Services CUPS Remote Vulnerability
	Cisco UCM Denial of Service and Authentication Bypass Vulnerabilities
	Cisco Intrusion Prevention System Jumbo Frame Vulnerability
	Cisco VPN Client Deterministic Network Enhancer Privilege Escalation

	IBM AIX "swcons" Insecure Permission Privilege Escalation Vulnerability
	IBM WebSphere Application Server Cross Site Scripting Vulnerability
	IBM DB2 CLR Stored Procedures Unspecified Vulnerability
	IBM Lotus Quickr Multiple Cross Site Scripting Vulnerabilities
	IBM WebSphere Portal Remote Authentication Bypass Vulnerability
	IBM Rational ClearQuest Login Page Cross Site Scripting Vulnerability
	IBM WebSphere Application Server Security Exposure Vulnerabilities