EUVD-2007-4974

Malware in sbrugna...

Privilege Escalation

The Xen package is vulnerable to privilege escaltion. A malicious local administrator of a guest domain could create a carefully crafted grub.conf file which would trigger the execution of arbitrary code outside of that domain...

Design/Logic Flaw

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...

xen security and bug fix update

3.0.3-94.el54.1 - Fix race condition on domain reboot rhbz 525143 - Avoid multiple restarts of a domain rhbz 525141 - Add grub.conf password protection support to pygrub rhbz 525142 - Ignore unimplemented PHYSDEVOPmappirq rhbz 525149...

Xen 3.x - pygrub Local Authentication Bypass

Xen 3.x - pygrub Local Authentication Bypass source: https://www.securityfocus.com/bid/36523/info Xen is prone to a local authentication-bypass vulnerability. A local attacker with physical access to an affected host can exploit this issue to bypass authentication and modify the 'grub.conf' file...

xen guest root can escape to domain 0 through pygrub

pygrub tools/pygrub/src/GrubConf.py in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements...

CVE-2007-4993

pygrub tools/pygrub/src/GrubConf.py in Xen 3.0.3, when booting a guest domain, allows local users with elevated privileges in the guest domain to execute arbitrary commands in domain 0 via a crafted grub.conf file whose contents are used in exec statements...