CVE-2016-9380
https://notcve.org/view.php?id=CVE-2016-9380
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file. El emulador de cargador de arranque pygrub en Xen, cuando se solicita el formato de salida delimitado por nulos, permite a administradores locales del SO invitado que utilizan pygrub leer o eliminar archivos arbitrarios en el host a través de bytes NUL en el archivo de configuración del gestor de arranque. • http://www.securityfocus.com/bid/94473 http://www.securitytracker.com/id/1037347 http://xenbits.xen.org/xsa/advisory-198.html http://xenbits.xen.org/xsa/xsa198.patch https://security.gentoo.org/glsa/201612-56 https://support.citrix.com/article/CTX218775 • CWE-20: Improper Input Validation •
CVE-2016-9637 – Xen: qemu ioport out-of-bounds array access (XSA-199)
https://notcve.org/view.php?id=CVE-2016-9637
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access. Las funciones (1) ioport_read y (2) ioport_write en Xen, cuando qemu es utilizado como un modelo de dispositivo dentro de Xen, podría permitir a administradores locales del SO invitado x86 HVM obtener privilegios del proceso qemu a través de vectores que involucran un acceso ioport fuera de rango. An out of bounds array access issue was found in the Xen virtual machine monitor, built with the QEMU ioport support. It could occur while doing ioport read/write operations, if guest was to supply a 32bit address parameter. A privileged guest user/process could use this flaw to potentially escalate their privileges on a host. • http://rhn.redhat.com/errata/RHSA-2016-2963.html http://www.securityfocus.com/bid/94699 http://www.securitytracker.com/id/1037397 http://xenbits.xen.org/xsa/advisory-199.html https://lists.debian.org/debian-lts-announce/2018/02/msg00005.html https://security.gentoo.org/glsa/201612-56 https://support.citrix.com/article/CTX219136 https://access.redhat.com/security/cve/CVE-2016-9637 https://bugzilla.redhat.com/show_bug.cgi?id=1397043 • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-6259
https://notcve.org/view.php?id=CVE-2016-6259
Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access Prevention (SMAP) whitelisting in 32-bit exception and event delivery, which allows local 32-bit PV guest OS kernels to cause a denial of service (hypervisor and VM crash) by triggering a safety check. Xen 4.5.x hasta la version 4.7.x no implementa listas blancas Supervisor Mode Access Prevencion (SMAP) en excepción 32 bits y entrega de eventos, lo que permite a kernels 32-bit PV locales del SO invitado provocar una denegación de servicio (hipervisor y caida VM) mediante la activación de un control de seguridad. • http://support.citrix.com/article/CTX214954 http://www.securityfocus.com/bid/92130 http://www.securitytracker.com/id/1036447 http://xenbits.xen.org/xsa/advisory-183.html http://xenbits.xen.org/xsa/xsa183-4.6.patch http://xenbits.xen.org/xsa/xsa183-unstable.patch • CWE-20: Improper Input Validation •
CVE-2016-6258
https://notcve.org/view.php?id=CVE-2016-6258
The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows local 32-bit PV guest OS administrators to gain host OS privileges by leveraging fast-paths for updating pagetable entries. El código de tabla de página PV en arch/x86/mm.c en Xen 4.7.x y versiones anteriores permite a administradores 32-bit PV locales del SO invitado obtener privilegios de administrador del SO mediante el aprovechamiento de fast_paths para la actualización de las entradas de la tabla de página. • http://support.citrix.com/article/CTX214954 http://www.debian.org/security/2016/dsa-3633 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/92131 http://www.securitytracker.com/id/1036446 http://xenbits.xen.org/xsa/advisory-182.html http://xenbits.xen.org/xsa/xsa182-4.5.patch http://xenbits.xen.org/xsa/xsa182-4.6.patch http://xenbits.xen.org/xsa/xsa182-unstable.patch https://security.gentoo.org/glsa/201611- • CWE-284: Improper Access Control •
CVE-2016-5302
https://notcve.org/view.php?id=CVE-2016-5302
Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. Citrix XenServer 7.0 en versiones anteriores a Hotfix XS70E003, cuando un despliegue se ha actualizado desde una versión anterior, podría permitir a atacantes remotos en la red de gestión "comprometer" un host aprovechando las credenciales para una cuenta Active Directory. • http://support.citrix.com/article/CTX213549 http://www.securitytracker.com/id/1036082 https://support.citrix.com/article/CTX213769 • CWE-284: Improper Access Control •