SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
Category:   Application (Generic)  >   Xen Vendors:   Xen Project
(CentOS Issues Fix) Xen ioport Array Overflow Lets Local Administrative Users on a Guest System Gain Elevated Privileges on the QEMU Process
SecurityTracker Alert ID:  1037507
SecurityTracker URL:  http://securitytracker.com/id/1037507
CVE Reference:   CVE-2016-9637   (Links to External Site)
Date:  Dec 21 2016
Impact:   User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Xen. A local administrative user on the guest system can gain elevated privileges on the QEMU process.

A local administrative user on the guest system can trigger an array overflow (an out-of-bounds access) in the ioport handling to gain the privileges of the QEMU process on the host system.

PV guests are not affected.

ARM systems are not affected.

yanghongke@huawei.com of the Huawei Security Test Team reported this vulnerability.

Impact:   A local administrative user on the guest system can gain QEMU process privileges.
Solution:   CentOS has issued a fix.


Cause:   Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5

Message History:   This archive entry is a follow-up to the message listed below.
Dec 6 2016 Xen ioport Array Overflow Lets Local Administrative Users on a Guest System Gain Elevated Privileges on the QEMU Process



 Source Message Contents

Subject:  [CentOS-announce] CESA-2016:2963 Important CentOS 5 xen Security Update


CentOS Errata and Security Advisory 2016:2963 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-2963.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
2f13f1c8b55429e9ed1e4652cbcdf32f10b611fe329e7d5e8722bf4183cc6e55  xen-3.0.3-148.el5_11.i386.rpm
b4628bbdf7ce77a94d18412ba19e40da9b52a8ccd7358242f613cb125e4d5dde  xen-devel-3.0.3-148.el5_11.i386.rpm
6676dc198f1e20aaf3022ba7febc18e618538b7d61f1d7554e5154741ab8e86e  xen-libs-3.0.3-148.el5_11.i386.rpm

x86_64:
7aebf9aa212e6289f89e28d9575a1ec83b319206d0ddda050f721fe19f1c0c04  xen-3.0.3-148.el5_11.x86_64.rpm
b4628bbdf7ce77a94d18412ba19e40da9b52a8ccd7358242f613cb125e4d5dde  xen-devel-3.0.3-148.el5_11.i386.rpm
10e915469aeaa3b177e939522cfe6c7ad8e4a3a90e2d2403b958f55798269a06  xen-devel-3.0.3-148.el5_11.x86_64.rpm
6676dc198f1e20aaf3022ba7febc18e618538b7d61f1d7554e5154741ab8e86e  xen-libs-3.0.3-148.el5_11.i386.rpm
10711bb93f87c94e0933c5ad0f468f162471d4104b499bffe1313bb344ecdbb7  xen-libs-3.0.3-148.el5_11.x86_64.rpm

Source:
e09c3f66be0c6abb4935124d828bc50b256215451fcb3d9f673d790f298f2701  xen-3.0.3-148.el5_11.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net
Twitter: JohnnyCentOS

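As an added example (not part of the CentOS announcement or of the SecurityTracker page), a small POSIX shell script that turns the "( sha256sum Filename )" lines of an announcement like the one above into a sha256sum manifest and checks downloaded RPMs against it before installation; the announcement file, manifest path and download directory names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the CentOS announcement: verify downloaded RPMs
# against the "<sha256>  <file>.rpm" lines of a CESA-style announcement.

# Extract the "<sha256>  <file>.rpm" lines from an announcement saved as text
# and write them as a sha256sum(1)-style manifest. Assumes the two-space
# separator used in the announcement above.
extract_manifest() {
    # $1 = announcement text file, $2 = output manifest path (assumed names)
    grep -E '^[0-9a-f]{64}  [^ ]+\.rpm$' "$1" > "$2"
}

# Check every file named in the manifest against the download directory.
# Returns 0 only if every listed file is present and matches; missing files
# are reported so a partial mirror sync is not mistaken for a verified set.
verify_downloads() {
    # $1 = manifest, $2 = directory holding the downloaded RPMs
    status=0
    while read -r sum name; do
        if [ ! -f "$2/$name" ]; then
            echo "MISSING: $name"
            status=1
            continue
        fi
        actual=$(sha256sum "$2/$name" | cut -d' ' -f1)
        if [ "$actual" = "$sum" ]; then
            echo "OK: $name"
        else
            echo "MISMATCH: $name"
            status=1
        fi
    done < "$1"
    return $status
}

# Usage (assumed file names):
#   extract_manifest cesa-2016-2963.txt manifest.sha256
#   verify_downloads manifest.sha256 ./downloads || echo "do not install"
```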

Copyright 2017, SecurityGlobal.net LLC