delimiter injection vulnerabilities in pygrub

ISSUE DESCRIPTION pygrub, the boot loader emulator, fails to quote or sanity check its results when reporting them to its caller. pygrub supports a number of output formats. When the S-expression output format is requested, putting string quotes and S-expressions in the bootloader configuration...

xen-tools -- delimiter injection vulnerabilities in pygrub

The Xen Project reports: pygrub, the boot loader emulator, fails to quote or sanity check its results when reporting them to its caller. A malicious guest administrator can obtain the contents of sensitive host files an information leak. Additionally, a malicious guest administrator can cause fil...

libxl leak of pv kernel and initrd on error

ISSUE DESCRIPTION When constructing a guest which is configured to use a PV bootloader which runs as a userspace process in the toolstack domain e.g. pygrub libxl creates a mapping of the files to be used as kernel and initial ramdisk when building the guest domain. However if building the domain...

OracleVM 2.1 : xen (OVMSA-2009-0031)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add grub.conf password protection support to pygrub rhbz 525142 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks in this plugin were extracted from OracleVM Security Advisory...

Xen 3.x pygrub Local Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36523/info Xen is prone to a local authentication-bypass vulnerability. A local attacker with physical access to an affected host can exploit this issue to bypass authentication and modify the 'grub.conf' file. This may a...

Xen 3.0.3 pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY Local Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25825/info Xen is prone to a local command-injection vulnerability that can lead to privilege escalation. This issue occurs because the application fails to validate input in the 'tools/pygrub/src/GrubConf.py' script. Thi...

Oracle Linux 5 : xen (ELSA-2012-1130)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2012-1130 advisory. 3.0.3-135.el58.4 - pygrub: Improve handling of big files rhbz 821704 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

Fedora 19 : xen-4.2.2-10.fc19 (2013-11837)

XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='$nextentry' line in F19 libxl: Set vfb and vkb devid if not done so by the caller add upstream patch for PCI passthrough problems after XSA-46 xenstore permissions not set correctly by libxl XSA-57 Note that Tenabl...

Oracle Linux 5 : xen (ELSA-2009-1472)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1472 advisory. 3.0.3-94.el54.1 - Fix race condition on domain reboot rhbz 525143 - Avoid multiple restarts of a domain rhbz 525141 - Add grub.conf password protection support ...

Oracle Linux 5 : Important: / xen (ELSA-2007-0323)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-0323 advisory. 3.0.3-25.0.4.el5 - QEmu cirrus bitblit bounds check - CVE-2007-1320 rhbz 296271 - QEmu NE2000 overflow check - CVE-2007-1321 rhbz 296271 - Pygrub guest...

Fedora 18 : xen-4.2.2-10.fc18 (2013-11874)

XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='$nextentry' line in F19 libxl: Set vfb and vkb devid if not done so by the caller Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable...

Fedora 17 : xen-4.1.5-9.fc17 (2013-11871)

XSA-45/CVE-2013-1918 breaks page reference counting let pygrub handle set default='$nextentry' line in F19 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as muc...

Fedora 19 : xen-4.2.2-5.fc19 (2013-8513)

xend toolstack doesn't check bounds for VCPU affinity XSA-56, CVE-2013-2072 xen-devel should require libuuid-devel, pygrub menu items can include too much text Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

[SECURITY] [DSA 2636-2] xen regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-2636-2 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 03, 2013 http://www.debian.org/security/faq -...

Xen domain builder Out-of-memory due to malicious kernel/ramdisk

ISSUE DESCRIPTION The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM in the domain running the domain builder. CVE-2012-4544 Additionally, under similar...

DEBIAN-CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...

CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...

CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...

Code injection

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...

CVE-2012-2625

The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service memory consumption via a large 1 bzip2 or 2 lzma compressed kernel image...