Lucene search

[email protected]CVE-2007-6207

HistoryDec 04, 2007 - 12:46 a.m.

CVE-2007-6207

2007-12-0400:46:00

CWE-20

[email protected]

web.nvd.nist.gov

xen

vti

ia64

memory read

cve-2007-6207

security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.0%

JSON

Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not check the RID value for mov_to_rr, which allows a VTi domain to read memory of other domains.

Affected configurations

NVD

Node

xensource_incxenRange≤3.1.1

CPENameOperatorVersion
xensource_inc:xenxensource inc xenle3.1.1

CPE	Name	Operator	Version
xensource_inc:xen	xensource inc xen	le	3.1.1

References

lists.xensource.com/archives/html/xen-announce/2007-11/msg00000.html

lists.xensource.com/archives/html/xen-ia64-devel/2007-10/msg00189.html

osvdb.org/41341

secunia.com/advisories/27915

secunia.com/advisories/29236

www.redhat.com/support/errata/RHSA-2008-0154.html

www.securityfocus.com/bid/26716

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9471

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.0%

JSON

Related for CVE-2007-6207

prion1 cvelist1 nvd1 ubuntucve1 veracode1 seebug1 centos1 nessus4 openvas3 oraclelinux1 redhat1