Lucene search
Jan LieskovskyEDB-ID:33255HistorySep 25, 2009 - 12:00 a.m.
Xen 3.x - pygrub Local Authentication Bypass
2009-09-2500:00:00
Jan Lieskovsky
www.exploit-db.com
15
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/36523/info
Xen is prone to a local authentication-bypass vulnerability.
A local attacker with physical access to an affected host can exploit this issue to bypass authentication and modify the 'grub.conf' file. This may aid in a complete compromise of the affected system.
Xen 3.0.3, 3.3.0, and 3.3.1 are affected; other versions may also be vulnerable.
xm create -c guest
press space bar to stop the grub count down
press e to edit
select the kernel line and press e
Append a "1" to the end of the kernel line and press return
press "b" to boot Related
cvelist
cvelist
CVE-2009-3525
2009-10-05 19:00:00
openvas
openvas
CentOS Update for xen CESA-2009:1472 centos5 i386
2011-08-09 00:00:00
RedHat Security Advisory RHSA-2009:1472
2009-10-06 00:00:00
CentOS Security Advisory CESA-2009:1472 (xen)
2009-11-11 00:00:00
cve
cve
CVE-2009-3525
2009-10-05 19:30:00
nessus
nessus
Scientific Linux Security Update : xen on SL5.x i386/x86_64
2012-08-01 00:00:00
SuSE 11 Security Update : Xen (SAT Patch Number 2230)
2010-12-02 00:00:00
openSUSE Security Update : xen-201004 (openSUSE-SU-2010:0293-1)
2010-05-26 00:00:00
prion
prion
Design/Logic Flaw
2009-10-05 19:30:00
centos
centos
xen security update
2009-10-30 14:44:02
veracode
veracode
Privilege Escalation
2020-04-10 00:38:08
ubuntucve
ubuntucve
CVE-2009-3525
2009-10-05 00:00:00
oraclelinux
oraclelinux
xen security and bug fix update
2009-10-01 00:00:00
redhat
redhat
(RHSA-2009:1472) Moderate: xen security and bug fix update
2009-10-01 00:00:00
nvd
nvd
CVE-2009-3525
2009-10-05 19:30:00