[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [oss-security] Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/21/2013 04:07 AM, Xen.org security team wrote: > Xen Security Advisory XSA-57 version 3 > > libxl allows guest write access to sensitive console related > xenstore keys > > UPDATES IN VERSION 3 ==================== > > Public release. > > ISSUE DESCRIPTION ================= > > The libxenlight (libxl) toolstack library does not correctly set > permissions on xenstore keys relating to paravirtualised and > emulated serial console devices. This could allow a malicious > guest administrator to change values in xenstore which the host > later relies on being implicitly trusted. > > This vulnerability has not yet been assigned a CVE Candidate number > by MITRE. We will issue an updated version of XSA-57 when this is > available. Please use CVE-2013-2211 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRyfeuAAoJEBYNRVNeJnmThT8P/2Ehm4GlkwopiQeHAZ+sDICM sG62vRRVrTl3NOvmIq1hhCum1CxSkriGsid+v2TDu9RXsyZ8bZHkbwUBdqcxJi0A LxFnmvd/EfWMtdxzbdw5YclFQ3o8ajxpJ9K10NLcVy46Mfcr9ZUA86PdwTcAYUk5 PC9X/EGFXENq+v+PRs6SwuJQyUey39dz1C9w4/R/G7JqNwZMHbuwGJWjC32ExvE9 c4n9NpZCPeHt+xVj/9LPjCMZhVDttq+GRk3o00CBf3ruUYY5cWGbm0X2kZLiqb5/ E+XLdZULQtwdIW/GfAwyjIhO0516dvMYK/rBtZyOvwOTrXvJC95nMSg4BHXq+ae3 7NMAPMH9OF8ppBi3+8MyOh5bdQGu+Dq6v/OzobIcuJa7xXaq+S6B3xZuzQvXInwS WYoaxYtRQoeL2lugxb08D70E4rMKJobCMqao+k9dEiLgyy7Y/OVfwq0Tmj2VJWur Pzil1NBgcPGWA89AdMcVdTJa8RjEc6wbEaFIIRy0EqAGK4o4zjkghwl+19OQNO9A g5hTtjCkJ+OiLHm1lmDnuIK3KJ6HIlDSfIp9qcpu9iu2fQVrVCYAoXRJ9w35gJCQ xvxs/ytE9EyGysQXY7TFsgOnY9SWBUThQgCMUqO2Ylhc/9EaCVemy2J6YJI8yuuS bCJ5Rs25sKay74ovVPeD =jbfT -----END PGP SIGNATURE----- _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |