In association with heise online

02 October 2007, 15:30

Security hole in Xen

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A vulnerability has been detected in the Xen virtualisation software that can be exploited by users with root privileges in a guest domain to execute arbitrary commands in domain 0. The problem results from a bug in the tools/pygrub/src/ script, which reads data from the configuration of the Grub boot manager (boot/grub/grub.conf) and tries to set parameters by using the exec command without proper sanitation. During the next reboot, a manipulated configuration file may be used to pass commands to the shell via the script running in domain 0 and to trigger execution. Joris van Rantwijk has published a sample exploit in his Bugzilla entry on to demonstrate the vulnerability:

default "+str(0*os.system(" insert evil command here "))+"

The flaw was detected in Xen 3.0.3; other versions might also be affected. No update has been provided yet. Xen is a component of most Linux distributions and the basis of the commercial variants XenSource and Virtual Iron.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit