Arbitrary Code Execution

xen is vulnerable to arbitrary code execution. The hypervisor's para-virtualized framebuffer PVFB backend failed to validate the format of messages serving to update the contents of the framebuffer. This could allow a malicious user to cause a denial of service, or compromise the privileged domai...

Denial Of Service (DoS)

xen is vulnerable to denial of service. The hypervisor's para-virtualized framebuffer PVFB backend failed to validate the frontend's framebuffer description. This could allow a malicious user to cause a denial of service, or to use a specially crafted frontend to compromise the privileged domain...

Scientific Linux Security Update : xen on SL5.x i386/x86_64

Note: Troy Dawson has tested this update on a machine hosting both paravirtualized and fully virtualized machines, both 32 bit and 64 bit. He did the update while all the machines were running, none of them had any problems. He also tried stopping, starting, and rebooting several of the machines...

Scientific Linux Security Update : xen on SL5.x i386/x86_64

It was discovered that the hypervisor's para-virtualized framebuffer PVFB backend failed to validate the frontend's framebuffer description properly. This could allow a privileged user in the unprivileged domain DomU to cause a denial of service, or, possibly, elevate privileges to the privileged...

[Backports-security-announce] Security Update for xen-3

Frederik Schüler uploaded new packages for xen-3 which fixed the following security problems: CVE-2008-0928, Debian Bug 469649, 469654, 469662, 469666 Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges t...

Paper: Adventures with a certain Xen vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Invisible Things Lab is proud to present: "Adventures with a certain Xen vulnerability in the PVFB backend" by Rafal Wojtczuk Starring Xen 3.2.0, DomU an ordinary virtual machine, paravirtualized, Dom0 privileged administrative domain running on FC8...

xen security and bug fix update

3.0.3-64.el52.3 - Fix overflow in qemu-img rhbz 454651 3.0.3-64.el52.2 - Correctly limit PVFB size CVE-2008-1952 rhbz 447760 - Disable QEMU USB disk image format auto-detection CVE-2008-1945 rhbz 445845...

CVE-2008-1952

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

Design/Logic Flaw

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

RHEL 5 : xen (RHSA-2008:0194)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0194 advisory. - xen xenmon.py / xenbaked insecure temporary file accesss CVE-2007-3919 - QEMU Buffer overflow via crafted net socket listen option...

CVE-2008-1944

Buffer overflow in the backend framebuffer of XenSource Xen Para-Virtualized Framebuffer PVFB Message 3.0 through 3.0.3 allows local users to cause a denial of service SDL crash and possibly execute arbitrary code via "bogus screen updates," related to missing validation of the "format of message...

CVE-2008-1943

CVE-2008-1943 affects the Xen PVFB backend in XenSource PVFB 3.0–3.1.2. The issue is a buffer overflow in the PVFB framebuffer description, allowing a local attacker to crash the host and potentially execute arbitrary code via a crafted shared framebuffer description. The vulnerability is tied to...

CVE-2008-1944

CVE-2008-1944 refers to a buffer overflow in XenSource Xen para-virtualized framebuffer (PVFB) backend. The issue arises in PVFB messages 3.0 through 3.0.3 where the format of messages was not validated, potentially allowing a local attacker to cause a denial of service (SDL crash) and possibly e...

CVE-2008-1943

Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer PVFB 3.0 through 3.1.2 allows local users to cause a denial of service crash and possibly execute arbitrary code via a crafted description of a shared framebuffer...

xen security and bug fix update

3.0.3-41.el51.5 - Disable QEMU image format auto-detection CVE-2008-2004 rhbz 444700 3.0.3-41.el51.4 - Fix PVFB to validate frame buffer description rhbz 443376 - Fix PVFB to cope with bogus update requests rhbz 368931 3.0.3-41.el51.3 - Fix QEMU buffer overflow CVE-2007-5730 rhbz 360381 - Fix QEM...