SecurityTracker.com
Category:   Application (Generic)  >   Xen
Vendors:   Xen Project
Xen Hypervisor PVFB Validation Bug Lets Local Users Deny Service and May Let Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1020957
SecurityTracker URL:  http://securitytracker.com/id/1020957
CVE Reference:   CVE-2008-1952
Updated:  Oct 2 2008
Original Entry Date:  Oct 1 2008
Impact:   Denial of service via local system, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 3.3
Description:   A vulnerability was reported in Xen. A local user can cause denial of service conditions. A local user may be able to obtain elevated privileges on the target system.

The hypervisor para-virtualized frame buffer (PVFB) backend does not properly validate the frame buffer size. A privileged local user in the unprivileged domain (DomU) can exploit this to map an arbitrary amount of guest memory. The user may also be able to execute arbitrary code in the privileged domain (Dom0).

The vulnerability resides in 'tools/ioemu/hw/xenfb.c'.
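
The kind of check the description says was missing, as an added C example (not Xen's code and not the changeset linked under Solution): a backend validates every guest-supplied frame buffer value against a host-chosen limit before deriving how many pages to map. The struct, the function names, the depth whitelist, the 4096-byte page size and the 16 MiB limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096u   /* assumed page size */

/* Hypothetical request: values a guest frontend hands to the backend. */
struct fb_request {
    uint32_t width, height;  /* pixels */
    uint32_t depth;          /* bits per pixel */
    uint32_t row_stride;     /* bytes per scanline */
    uint64_t fb_len;         /* bytes the guest asks to have mapped */
};

enum fb_verdict { FB_OK, FB_BAD_DEPTH, FB_BAD_GEOMETRY, FB_BAD_STRIDE,
                  FB_TOO_LARGE, FB_TOO_SMALL };

/* fb_len_lim is chosen by the host, never taken from the guest. */
enum fb_verdict fb_validate(const struct fb_request *r, uint64_t fb_len_lim)
{
    if (r->depth != 8 && r->depth != 16 && r->depth != 24 && r->depth != 32)
        return FB_BAD_DEPTH;
    if (r->width == 0 || r->height == 0)
        return FB_BAD_GEOMETRY;
    /* Widen before multiplying: two 32-bit operands cannot overflow 64 bits. */
    if (r->row_stride < (uint64_t)r->width * (r->depth / 8))
        return FB_BAD_STRIDE;
    if (r->fb_len > fb_len_lim)
        return FB_TOO_LARGE;
    if ((uint64_t)r->row_stride * r->height > r->fb_len)
        return FB_TOO_SMALL;
    return FB_OK;
}

/* Page count to map; 0 means the request was rejected and nothing is mapped. */
uint64_t fb_pages_to_map(const struct fb_request *r, uint64_t fb_len_lim)
{
    if (fb_validate(r, fb_len_lim) != FB_OK)
        return 0;
    return (r->fb_len + PAGE_SIZE - 1) / PAGE_SIZE;
}

int main(void)
{
    /* Constructed sample requests, checked against a host limit of 16 MiB. */
    struct fb_request sane = { 800, 600, 32, 3200, 1920000 };
    struct fb_request huge = { 800, 600, 32, 3200, 1ULL << 40 };
    printf("sane: %llu pages\n", (unsigned long long)fb_pages_to_map(&sane, 16u << 20));
    printf("huge: %llu pages\n", (unsigned long long)fb_pages_to_map(&huge, 16u << 20));
    return 0;
}
```
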

Impact:   A local user can cause denial of service conditions.

A privileged local user may be able to obtain elevated privileges on the target system.

Solution:   A source code fix is available at:

http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721

Vendor URL:  xen.org/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 1 2008 (Red Hat Issues Fix) Xen Hypervisor PVFB Validation Bug Lets Local Users Deny Service and May Let Local Users Gain Elevated Privileges
Red Hat has released a fix for Red Hat Enterprise Linux 5.




Copyright 2020, SecurityGlobal.net LLC