Lucene search

PRIOn knowledge basePRION:CVE-2009-3525

HistoryOct 05, 2009 - 7:30 p.m.

Design/Logic Flaw

2009-10-0519:30:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.2%

JSON

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest’s kernel boot parameters without providing the expected password.

CPENameOperatorVersion
xeneq3.3.1
xeneq3.0.3
xeneq3.3.0

Name	Operator	Version
xen	eq	3.3.1
xen	eq	3.0.3
xen	eq	3.3.0

References

lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html

secunia.com/advisories/36908

www.openwall.com/lists/oss-security/2009/09/25/1

www.redhat.com/support/errata/RHSA-2009-1472.html

www.securityfocus.com/bid/36523

www.securitytracker.com/id?1022950

xenbits.xensource.com/xen-unstable.hg?rev/8f783adc0ee3

bugzilla.redhat.com/show_bug.cgi?id=525740

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9466