
Re: [Xen-users] PV privilege escalation - advisory

Is there some scenario for testing whether our config is affected?

In this article:
it is mentioned that Linux is affected.

Does this mean that a 2.6.18+ guest would not be able to abuse it?


2012/6/14 Peter Braun <xenware@xxxxxxxxx>:
> We are in the worst case:
> - Intel CPU
> - domU not under control
> We will have to go the own-package way.
> Thanks
> Peter
> 2012/6/14 Fajar A. Nugraha <list@xxxxxxxxx>:
>> On Thu, Jun 14, 2012 at 1:35 PM, Peter Braun <xenware@xxxxxxxxx> wrote:
>>> Hello,
>>> we are using 3.4.3 from Gitco.de on 64-bit CentOS 5.8 and we have
>>> 64-bit PV guests.
>>> According to the described security bug we are in danger.
>>> What do you suggest? Wait for the Gitco update or build our own Xen with the patch?
>> It depends :)
>> If you use a newer AMD processor, it shouldn't matter.
>> If you control all of your domU, you could probably wait, as it
>> requires root privilege on domU to trigger the bug.
>> However if you run (e.g.) a VPS-hosting where other people have
>> control of the domU, you should build your own upgraded package
>> immediately.
>> FWIW, this is one example of how using vendor-provided packages
>> would be useful. Red Hat already released updates that address that
>> vulnerability:
>> https://access.redhat.com/security/cve/CVE-2012-0217
>> https://rhn.redhat.com/errata/RHSA-2012-0721.html
>> --
>> Fajar
