XEN Remote Code Execution Vulnerability

Summary

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/94473
The information has been provided by Daniel Richman.


Details

Vulnerable Systems:
 * Citrix XenServer 6.0.2
 * Citrix XenServer 6.2.0
 * Citrix XenServer 6.5
 * Citrix XenServer 7
 * Xen

The pygrub boot loader emulator does not properly validate data returned to the calling function when the user requests the ‘S-expression’ output format. A local user on the guest system can exploit this to cause denial of service conditions on the host system or obtain potentially sensitive information from the host system. Guest systems that have been configured by the host administrator to boot using pygrub are affected.
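
The missing validation described above comes down to placing guest-controlled strings into an S-expression without quoting them. The following Python sketch is an added illustration, not pygrub's code or the Xen fix: the field names, sample values and helper functions are constructed for the example. It contrasts unquoted emission with an emitter that quotes strings and rejects control characters.

```python
import re

# Constructed sample: a guest-supplied value containing S-expression syntax.
HOSTILE = "root=/dev/xvda1 ro) (injected value"
SAMPLE = [("kernel", "/boot/vmlinuz"), ("args", HOSTILE)]
_SAFE_ATOM = re.compile(r"[A-Za-z0-9_./:=+,@-]+")

def emit_raw(fields):
    """Unsafe pattern: guest-controlled values interpolated without quoting."""
    return "(linux " + " ".join("(%s %s)" % (k, v) for k, v in fields) + ")"

def quote(value):
    """Bare atom for a conservative charset, otherwise an escaped string."""
    if _SAFE_ATOM.fullmatch(value):
        return value
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in bootloader value")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def emit_quoted(fields):
    """Hardened pattern: every value passes through quote() before output."""
    return "(linux " + " ".join("(%s %s)" % (k, quote(v)) for k, v in fields) + ")"

def parse(text):
    """Minimal reader for lists, bare atoms and double-quoted strings."""
    tokens = re.findall(r'\(|\)|"(?:\\.|[^"\\])*"|[^\s()"]+', text)

    def read(i):
        if tokens[i] == "(":
            out, i = [], i + 1
            while tokens[i] != ")":
                node, i = read(i)
                out.append(node)
            return out, i + 1
        tok = tokens[i]
        if tok.startswith('"'):
            tok = re.sub(r"\\(.)", r"\1", tok[1:-1])
        return tok, i + 1

    return read(0)[0]

def field_names(sexp):
    """Names of the fields the consumer of the output would see."""
    return [item[0] for item in sexp[1:]]

if __name__ == "__main__":
    print(field_names(parse(emit_raw(SAMPLE))))     # extra field appears
    print(field_names(parse(emit_quoted(SAMPLE))))  # structure preserved
```

With the raw emitter the consumer sees a field the producer never intended to emit; with the quoting emitter the same value round-trips as a single string.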

CVE Information:
CVE-2016-9379

Disclosure Timeline:
Publish Date : 2017-01-23
Last Update Date : 2017-01-26
