Xen 3.0.3 pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY Local Command Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25825/info Xen is prone to a local command-injection vulnerability that can lead to privilege escalation. This issue occurs because the application fails to validate input in the 'tools/pygrub/src/GrubConf.py' script. Thi...

Xen pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY本地命令注入漏洞

XenSource是一款流行的虚拟化程序。 XenSource包含的'tools/pygrub/src/GrubConf.py'脚本存在输入验证，本地攻击者可以利用漏洞提升特权执行任意命令。 当启动客户域时，pygrub使用Python exec来处理来自grub.conf中的不可信数据，通过构建grub.conf文件，在客户域中的root用户可以在domain 0中执行任意python代码。 修改grub.conf文件中的'default'： default "+str0os.system" insert evil command here "+" 可导致任意命令执行。 XenSour...

Xen 3.0.3 - pygrub TOOLSPYGRUBSRCGRUBCONF.PY Local Command Injection

Xen 3.0.3 - pygrub TOOLSPYGRUBSRCGRUBCONF.PY Local Command Injection source: https://www.securityfocus.com/bid/25825/info Xen is prone to a local command-injection vulnerability that can lead to privilege escalation. This issue occurs because the application fails to validate input in the...

Xen 3.0.3 - pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY Local Command Injection

source: https://www.securityfocus.com/bid/25825/info Xen is prone to a local command-injection vulnerability that can lead to privilege escalation. This issue occurs because the application fails to validate input in the 'tools/pygrub/src/GrubConf.py' script. This vulnerability affects Xen 3.0.3;...