CVE-2007-4993

Publication date 27 September 2007

Last updated 24 July 2024

Ubuntu priority

pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xen-3.0	7.04 feisty	Fixed 3.0.3-0ubuntu10.1
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Not in release
xen-3.1	7.10 gutsy	Fixed 3.1.0-0ubuntu16

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-527-1
xen-3.0 vulnerability
5 October 2007

Other references

https://www.cve.org/CVERecord?id=CVE-2007-4993