Virtualization Technology News and Information
Article
RSS
Secunia Reports Xen Vulnerability

Joris van Rantwijk has reported a vulnerability in Xen, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an input validation error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted.

The vulnerability is reported in Xen 3.0.3. Other versions may also be affected.

The reported solution is to grant only trusted users "root" privileges to guest domains.

Read the original advisory from Secunia, here.

Published Tuesday, October 02, 2007 6:24 AM by David Marshall
Filed under:
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
top25
Calendar
<October 2007>
SuMoTuWeThFrSa
30123456
78910111213
14151617181920
21222324252627
28293031123
45678910