Virtualization Technology News and Information
Secunia Reports Xen Vulnerability

Joris van Rantwijk has reported a vulnerability in Xen, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused by an input validation error in tools/pygrub/src/GrubConf.py. It can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted.

The vulnerability is reported in Xen 3.0.3. Other versions may also be affected.

The reported solution is to grant only trusted users "root" privileges to guest domains.
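
The advisory's underlying point is that grub.conf is written by the guest but read in domain 0, so every value in it is untrusted input. The following is an added example, not code from Xen, pygrub or the Secunia advisory: a sketch of a host-side parser that treats the file purely as data and fails closed. The directive allowlist, the character allowlist and all function names are assumptions made for illustration.

```python
import re

# Assumption: the GRUB legacy directives a dom0-side boot helper needs to read.
INT_KEYS = {"default", "timeout"}
ENTRY_KEYS = {"root", "kernel", "initrd"}
# Conservative value allowlist: no quotes, backslashes or control characters.
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _./:=,()+@-]{1,512}")
SMALL_INT = re.compile(r"[0-9]{1,4}")

class GrubConfError(ValueError):
    """Guest-supplied grub.conf content failed validation."""

def _check(value, pattern, lineno):
    if not pattern.fullmatch(value):
        raise GrubConfError(f"line {lineno}: value rejected")
    return value

def parse_grub_conf(text):
    """Parse untrusted grub.conf text into plain data; nothing is evaluated."""
    config = {"default": 0, "timeout": 0, "entries": []}
    entry = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # GRUB legacy accepts both "key value" and "key=value".
        m = re.fullmatch(r"([a-z]+)(?:[ \t=]+(.*))?", line)
        if m is None:
            raise GrubConfError(f"line {lineno}: malformed directive")
        key, value = m.group(1), (m.group(2) or "").strip()
        if key == "title":
            entry = {"title": _check(value, SAFE_VALUE, lineno)}
            config["entries"].append(entry)
        elif key in INT_KEYS and entry is None:
            config[key] = int(_check(value, SMALL_INT, lineno))
        elif key in ENTRY_KEYS and entry is not None:
            entry[key] = _check(value, SAFE_VALUE, lineno)
        # Any other directive is ignored rather than interpreted.
    if config["entries"] and config["default"] >= len(config["entries"]):
        raise GrubConfError("default entry index out of range")
    return config

# Constructed sample inputs, not taken from the advisory.
SAMPLE_OK = ("default=0\ntimeout 5\ntitle Guest Linux\n  root (hd0,0)\n"
             "  kernel /vmlinuz ro root=/dev/xvda1\n  initrd /initrd.img\n")
# A quote where an integer is expected: rejected instead of being passed on.
SAMPLE_BAD = 'default 0"\ntitle x\n'
```

The parsed values are still guest-chosen strings, so whatever consumes them in domain 0 should pass them on as arguments and never through a shell or an evaluator.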

Read the original advisory from Secunia.

Published Tuesday, October 02, 2007 6:24 AM by David Marshall