CVE-2007-4993

Name of the Vulnerable Software and Affected Versions Xen version 3.0.3

Description The issue allows local users with elevated privileges in a guest domain to execute arbitrary commands in domain 0. This is achieved by creating a crafted grub.conf file, whose contents are then used in exec statements, potentially leading to unauthorized command execution.

Recommendations For Xen version 3.0.3, consider restricting access to the grub.conf file to prevent local users from crafting malicious configurations until a patch is available. As a temporary workaround, monitor domain 0 for suspicious activity and limit the privileges of guest domain users to minimize potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.