XEN Remote Code Execution Vulnerability
The original article can be found at: http://www.securityfocus.com/bid/94473
The information has been provided by Daniel Richman.
* Citrix XenServer 6.0.2
* Citrix XenServer 6.2.0
* Citrix XenServer 6.5
* Citrix XenServer 7
The pygrub boot loader emulator does not properly validate the data it returns to the calling function when the user requests the 'S-expression' output format. A local user on the guest system can exploit this to cause denial-of-service conditions on the host system or potentially obtain sensitive information from the host system. Guest systems that the host administrator has configured to boot using pygrub are affected.
Publish Date : 2017-01-23
Last Update Date : 2017-01-26
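The class of flaw described above, shown as a simplified model: an added example, not pygrub's code and not taken from the advisory. The function names, the field layout, the minimal reader and the sample value are all assumptions constructed for illustration. It contrasts output built by plain interpolation with output that validates and quotes each value, and checks what a caller would parse from each.

```python
import re

def format_sxp_unquoted(kernel, ramdisk, args):
    """Weak form: guest-controlled values are interpolated as-is."""
    s = "linux (kernel %s)" % kernel
    if ramdisk:
        s += "(ramdisk %s)" % ramdisk
    if args:
        s += '(args "%s")' % args
    return s

def quote_sxp(value):
    """Reject control characters, then emit a double-quoted, escaped string."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character in boot loader result")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def format_sxp_quoted(kernel, ramdisk, args):
    """Hardened form: every value is validated and quoted before output."""
    s = "linux (kernel %s)" % quote_sxp(kernel)
    if ramdisk:
        s += "(ramdisk %s)" % quote_sxp(ramdisk)
    if args:
        s += "(args %s)" % quote_sxp(args)
    return s

# Minimal reader standing in for the caller: (name value) pairs only.
_FIELD = re.compile(r'\(\s*(\w+)\s+("(?:[^"\\]|\\.)*"|[^\s()]+)\s*\)')

def parse_fields(sxp):
    fields = []
    for name, raw in _FIELD.findall(sxp):
        if raw.startswith('"'):
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])
        fields.append((name, raw))
    return fields

# Constructed sample: a kernel path as a guest's boot config could supply it.
SAMPLE_KERNEL = "/boot/vmlinuz) (extra injected"

if __name__ == "__main__":
    print(parse_fields(format_sxp_unquoted(SAMPLE_KERNEL, None, None)))
    print(parse_fields(format_sxp_quoted(SAMPLE_KERNEL, None, None)))
```

With the unquoted form the caller sees a second field that the emitter never intended to write; with the quoted form the same input stays a single kernel value.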