Local File Disclosure in QEMU VNC Server Affecting Xen Environments
CVE-2007-0998

Currently unrated

Key Information:

Vendor: Xen Project
Status: Qemu
Vendor: CVE Published:; 20 March 2007

What is CVE-2007-0998?

The VNC server implementation within QEMU, utilized in Xen environments, allows local users operating in a guest OS to access sensitive files on the host OS through unspecified vectors linked to QEMU's monitor mode. This can be exploited by linking files to a CDROM device, potentially compromising the integrity of host system data. The vulnerability underscores the need for stringent access controls and monitoring in virtualized environments to safeguard against unauthorized file access.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33085

vdb-entryx_refsource_XF

http://secunia.com/advisories/51413

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/22967

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 20, 2007
Vulnerability Reserved
Feb 16, 2007

Xen Project

What is CVE-2007-0998?

References

Timeline