
Vigil@nce - Xen: several vulnerabilities

September 2012 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker located in a Xen guest system can use several
vulnerabilities to cause a denial of service on the host, or to
execute code.

Impacted products: XenServer, Debian, Fedora, openSUSE, RHEL, SUSE
Linux Enterprise Desktop, SLES, Unix (platform)

Severity: 2/4

Creation date: 05/09/2012

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in Xen.

An attacker located in a paravirtualized 64-bit guest system can
change the debug register DR7. [severity:1/4; BID-55400,
CVE-2012-3494, XSA-12]

The PHYSDEVOP_get_free_pirq hypercall of Xen 4.1, which is used to
obtain the structure physdev_get_free_pirq, uses the return code
of the get_free_pirq() function as an array index. However, if the
function fails, the error code is an invalid index, which corrupts
memory and could lead to code execution. An attacker located in a
guest system can try to access a physical IRQ in order to exploit
this vulnerability. [severity:2/4; BID-55406, CVE-2012-3495,
XSA-13]
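
The flaw described above for CVE-2012-3495 is an error return used
as an array index. The following C sketch is an added example, not
Xen's code and not part of the bulletin; irq_table, find_free_slot,
reserve_unchecked and reserve_checked are hypothetical names, and
the table size is constructed.

```c
#include <errno.h>
#include <stdio.h>

#define NR_SLOTS 8          /* constructed table size */
enum { SLOT_FREE = 0, SLOT_USED = 1 };

/* Hypothetical stand-in for a per-guest IRQ table. */
struct irq_table { int state[NR_SLOTS]; };

/* Hypothetical allocator: free slot index, or -ENOSPC when the table is full. */
int find_free_slot(const struct irq_table *t)
{
    for (int i = 0; i < NR_SLOTS; i++)
        if (t->state[i] == SLOT_FREE)
            return i;
    return -ENOSPC;
}

/* Flawed pattern: the return value indexes the array with no failure check.
 * On a full table, slot is negative and the store lands outside state[]. */
int reserve_unchecked(struct irq_table *t)
{
    int slot = find_free_slot(t);
    t->state[slot] = SLOT_USED;
    return slot;
}

/* Hardened pattern: propagate the error before touching the array. */
int reserve_checked(struct irq_table *t)
{
    int slot = find_free_slot(t);
    if (slot < 0)
        return slot;            /* hand the failure back to the caller */
    t->state[slot] = SLOT_USED;
    return slot;
}

int main(void)
{
    struct irq_table t = { {0} };
    /* One request more than the table holds: the last one must fail cleanly. */
    for (int i = 0; i <= NR_SLOTS; i++)
        printf("request %d -> %d\n", i, reserve_checked(&t));
    return 0;
}
```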

An attacker located in a paravirtualized guest system can call
XENMEM_populate_physmap with an invalid parameter in order to stop
the host system. [severity:1/4; BID-55412, CVE-2012-3496, XSA-14]

When TMEM (Transcendent Memory) is enabled via the "tmem" option
on the hypervisor command line, an attacker located in a guest can
corrupt the host memory in order to execute code on the host.
[severity:2/4; BID-55410, CVE-2012-3497, XSA-15]

An attacker located in an HVM guest system can use
PHYSDEVOP_map_pirq with the parameter MAP_PIRQ_TYPE_GSI in order
to stop the host system. [severity:1/4; BID-55414, CVE-2012-3498,
XSA-16]

An attacker located in an HVM guest system can use a malicious
VT100 sequence in order to corrupt the memory and elevate his
privileges. [severity:2/4; BID-55413, CVE-2012-3515, XSA-17]

An attacker located in a Xen 4.2RC guest system can use
GNTTABOP_swap_grant_ref to stop the host, and possibly to execute
code on the host. [severity:2/4; BID-55411, CVE-2012-3516, XSA-18]

An attacker located in a Xen guest system can therefore use
several vulnerabilities to cause a denial of service on the host,
or to execute code.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Xen-several-vulnerabilities-11916

