CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 5CVE-2009-3525 – Xen 3.x - pygrub Local Authentication Bypass
https://notcve.org/view.php?id=CVE-2009-3525
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. El pyGrub en Xen v3.0.3, v3.3.0, y Xen-3.3.1 no soporta la opción password en grub.conf para las invitaciones "para-virtualized", lo que permite a atacantes con acceso a la consola invitada para-virtualized iniciar la invitación o modificar los parámetros de arranque del kernel del invitado sin proporcionar el password esperado. • https://www.exploit-db.com/exploits/33255 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://secunia.com/advisories/36908 http://www.openwall.com/lists/oss-security/2009/09/25/1 http://www.redhat.com/support/errata/RHSA-2009-1472.html http://www.securityfocus.com/bid/36523 http://www.securitytracker.com/id?1022950 http://xenbits.xensource.com/xen-unstable.hg?rev/8f783adc0ee3 https://bugzilla.redhat.com/show_bug.cgi?id=525740 https://bugzilla&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 1CVE-2009-1758 – kernel: xen: local denial of service
https://notcve.org/view.php?id=CVE-2009-1758
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a segmentation fault in "certain address ranges." La función hypervisor_callback en Xen, posiblemente anteriores a v3.4.0, como la que se aplica al kernel de linux v2.6.30-rc4, 2.6.18 y posiblemente otroas versiones permiten a aplicaciones del usuario guess provocar una denegación de servicio (kernel opps) en el sistema invitado mediante cuando se provoca un fallo de segmentación en "determinados rangos de direcciones". • http://lists.xensource.com/archives/html/xen-devel/2009-05/msg00561.html http://secunia.com/advisories/35093 http://secunia.com/advisories/35298 http://www.debian.org/security/2009/dsa-1809 http://www.openwall.com/lists/oss-security/2009/05/14/2 http://www.securityfocus.com/bid/34957 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10313 https://access.redhat.com/security/cve/CVE-2009-1758 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5716
https://notcve.org/view.php?id=CVE-2008-5716
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. xend en Xen 3.3.0 no restringe adecuadamente el acceso de escritura de una máquina virtual invitada en el árbol de directorios xenstore /local/domain, lo que permite a usuarios del sistema operativo visitantes provocar una denegación de servicio y posiblemente tener otro impacto no especificado escribiendo en (1) console/tty, (2) console/limit, o (3) image/device-model-pid. NOTA: este problema existe debido a llamadas set_permissions erróneas en el parche para CVE-2008-4405. • http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html http://openwall.com/lists/oss-security/2008/12/19/1 http://www.securityfocus.com/bid/31499 https://exchange.xforce.ibmcloud.com/vulnerabilities/47668 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3687
https://notcve.org/view.php?id=CVE-2008-3687
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall. Un desbordamiento de búfer basado en pila en la función flask_security_label en Xen 3.3, cuando se compila con el modulo XSM:FLASK, permite que usuarios del dominio (domU) sin privilegios puedan ejecutar código arbitrario a través de la hiperllamada flask_op. • http://invisiblethingslab.com/bh08/part2.pdf http://secunia.com/advisories/31561 http://theinvisiblethings.blogspot.com/2008/08/our-xen-0wning-trilogy-highlights.html http://www.nabble.com/-PATCH--XSM--FLASK--Argument-handling-bugs-in-XSM:FLASK-to18536032.html http://www.securityfocus.com/bid/30834 http://www.securitytracker.com/id?1020731 http://www.vupen.com/english/advisories/2008/2426 http://xenbits.xensource.com/xen-3.3-testing.hg?rev/fa66b33f975a https://exchange.xforce.ibmcloud • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •