CVE-2007-3919

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

Published: 2007-10-28 Last update: 2026-04-23 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2007-3919 is rated Low Risk (26.9/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.04%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2007-3919

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-03-17 0.06% 0.04% -0.03%
2 2024-12-23 0.04% 0.06% +0.02%
3 2023-03-07 0.04%

Full EPSS history (4 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2007-3919

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.0 2.0 MEDIUM
AV:L/AC:M/Au:S/C:N/I:C/A:C Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:M)
Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:S)
A single authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 2.7 9.2 [email protected]

Weakness enumeration for CVE-2007-3919

OS Trackers for CVE-2007-3919

vendor priority summary link
redhat low https://access.redhat.com/security/cve/CVE-2007-3919
ubuntu low CVE-2007-3919 low priority: Ubuntu including 3 source packages (xen, xen-3.0, xen-3.1), 39 status rows across 13 suites (dapper, edgy, feisty, gutsy, hardy, intrepid, jaunty, karmic, lucid, maverick, natty, oneiric, upstream): DNE 29, ignored 6, needs-triage 3, not-affected 1. https://ubuntu.com/security/CVE-2007-3919

Vendor comments (NVD) for CVE-2007-3919

  • Red Hat (2007-11-01T00:00:00)

    Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3919 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.

Affected software / configurations for CVE-2007-3919

Vendor Product Version Raw CPE
xensource_inc xen 3.0.3_0_1 cpe:2.3:a:xensource_inc:xen:3.0.3_0_1:*:*:*:*:*:*:*
xensource_inc xen 3.0.3_0_3 cpe:2.3:a:xensource_inc:xen:3.0.3_0_3:*:*:*:*:*:*:*

References for CVE-2007-3919

URL Tags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=447795
http://osvdb.org/41342
http://osvdb.org/41343
http://secunia.com/advisories/27389 Vendor Advisory
http://secunia.com/advisories/27408 Vendor Advisory
http://secunia.com/advisories/27486
http://secunia.com/advisories/27497 Vendor Advisory
http://secunia.com/advisories/29963
http://www.debian.org/security/2007/dsa-1395
http://www.mandriva.com/security/advisories?name=MDKSA-2007:203
http://www.redhat.com/support/errata/RHSA-2008-0194.html
http://www.securityfocus.com/bid/26190
http://www.securitytracker.com/id?1018859
http://www.vupen.com/english/advisories/2007/3621
https://exchange.xforce.ibmcloud.com/vulnerabilities/37403
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9913
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00004.html
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00075.html
cvelogic Threat Intelligence