Vigil@nce - Xen: denials of service via netback
February 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker inside a Xen guest system can trigger two
denials of service via netback.
Impacted products: Unix (platform)
Severity: 1/4
Creation date: 05/02/2013
DESCRIPTION OF THE VULNERABILITY
The Xen netback driver runs in the Dom0 kernel and is connected
to the virtual network devices of DomU systems. It is impacted by
two vulnerabilities.
An attacker can trigger a large loop. [severity:1/4; BID-57743,
CVE-2013-0216]
An attacker can trigger a memory leak. [severity:1/4; BID-57744,
CVE-2013-0217]
A local attacker inside a Xen guest system can therefore trigger
two denials of service via netback.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denials-of-service-via-netback-12379