CVE-2010-4247 – xen: request-processing loop is unbounded in blkback
https://notcve.org/view.php?id=CVE-2010-4247
The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and (2) drivers/xen/blktap/blktap.c in Xen before 3.4.0 for the Linux kernel 2.6.18, and possibly other versions, allows guest OS users to cause a denial of service (infinite loop and CPU consumption) via a large production request index to the blkback or blktap back-end drivers. NOTE: some of these details are obtained from third party information.
• http://secunia.com/advisories/35093
• http://secunia.com/advisories/42789
• http://secunia.com/advisories/46397
• http://www.openwall.com/lists/oss-security/2010/11/23/1
• http://www.openwall.com/lists/oss-security/2010/11/24/8
• http://www.redhat.com/support/errata/RHSA-2011-0004.html
• http://www.securityfocus.com/archive/1/520102/100/0/threaded
• http://www.securityfocus.com/bid/45029
• http://www.vmware.com/security/advisories/VMSA-2011-0012.html
• http://www.vupen.com/
• CWE-20: Improper Input Validation
CVE-2010-3699 – kernel: guest->host denial of service from invalid xenbus transitions
https://notcve.org/view.php?id=CVE-2010-3699
The backend driver in Xen 3.x allows guest OS users to cause a denial of service via a kernel thread leak, which prevents the device and guest OS from being shut down or creates a zombie domain, causes a hang in xenwatch, or prevents unspecified xm commands from working properly, related to (1) netback, (2) blkback, or (3) blktap.
• http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00007.html
• http://secunia.com/advisories/42372
• http://secunia.com/advisories/42789
• http://secunia.com/advisories/43056
• http://secunia.com/advisories/46397
• http://www.redhat.com/support/errata/RHSA-2011-0004.html
• http://www.securityfocus.com/archive/1/520102/100/0/threaded
• http://www.securityfocus.com/bid/45039
• http://www.securitytracker.com/id?1024786
• http://www.vmware.com/security/advisories/VMSA-2011-0012.html
• ht
• CWE-399: Resource Management Errors
CVE-2009-3525 – Xen 3.x - pygrub Local Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-3525
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.
• https://www.exploit-db.com/exploits/33255
• http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
• http://secunia.com/advisories/36908
• http://www.openwall.com/lists/oss-security/2009/09/25/1
• http://www.redhat.com/support/errata/RHSA-2009-1472.html
• http://www.securityfocus.com/bid/36523
• http://www.securitytracker.com/id?1022950
• http://xenbits.xensource.com/xen-unstable.hg?rev/8f783adc0ee3
• https://bugzilla.redhat.com/show_bug.cgi?id=525740
• https://bugzilla
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-1758 – kernel: xen: local denial of service
https://notcve.org/view.php?id=CVE-2009-1758
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions, allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges."
• http://lists.xensource.com/archives/html/xen-devel/2009-05/msg00561.html
• http://secunia.com/advisories/35093
• http://secunia.com/advisories/35298
• http://www.debian.org/security/2009/dsa-1809
• http://www.openwall.com/lists/oss-security/2009/05/14/2
• http://www.securityfocus.com/bid/34957
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10313
• https://access.redhat.com/security/cve/CVE-2009-1758
• https://bugzilla.redhat.com/show_bug.cgi?id=
• CWE-399: Resource Management Errors
CVE-2008-4405 – Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage
https://notcve.org/view.php?id=CVE-2008-4405
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.
libvirt v0.3.3 relies on files located under subdirectories of /local/domain in xenstore despite the lack of protection against modification by guest virtual machines in Xen, which allows guest OS users to have an unknown impact, as demonstrated by writing to (1) the text console (console/tty) or (2) the VNC port for the graphical framebuffer.
• https://www.exploit-db.com/exploits/32446
• http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
• http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html
• http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html
• http://openwall.com/lists/oss-security/2008/09/30/6
• http://secunia.com/advisories/32064
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:016
• http://www.openwall.com/lists/oss-security/2008/10/04/3
• http
• CWE-264: Permissions, Privileges, and Access Controls