Local File Disclosure in QEMU VNC Server Affecting Xen Environments
CVE-2007-0998

Currently unrated

Key Information:

Vendor: Xen Project
Status: Qemu
Vendor: CVE Published:; 20 March 2007

🔔 Create Xen Project Vulnerability Alert

What is CVE-2007-0998?

The VNC server implementation within QEMU, utilized in Xen environments, allows local users operating in a guest OS to access sensitive files on the host OS through unspecified vectors linked to QEMU's monitor mode. This can be exploited by linking files to a CDROM device, potentially compromising the integrity of host system data. The vulnerability underscores the need for stringent access controls and monitoring in virtualized environments to safeguard against unauthorized file access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33085

vdb-entryx_refsource_XF

http://secunia.com/advisories/51413

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22967

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2007
Vulnerability Reserved
Feb 16, 2007