Vigil@nce: Citrix XenServer, denial of service via pvops
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker located in a Citrix XenServer guest system can use
some system calls to stop the host.
– Severity: 2/4
– Creation date: 29/06/2010
DESCRIPTION OF THE VULNERABILITY
The Linux kernel can be compiled with the support of Xen
paravirt_ops (pvops) in order to be started on a physical
computer, or as a domU guest of Citrix XenServer.
However, an unprivileged attacker located in a Linux domU with
pvops can use two Linux system calls which generate an error in
the dom0. This error stops the Citrix XenServer dom0.
An attacker located in a Citrix XenServer guest system can
therefore use some system calls to stop the host.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Citrix-XenServer-denial-of-service-via-pvops-9734