Rapid7 Vulnerability & Exploit Database

RHSA-2009:1472: xen security and bug fix update


Severity
7
CVSS
(AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published
10/05/2009
Created
07/25/2018
Added
10/14/2009
Modified
07/04/2017

Description

Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system.

The pyGrub boot loader did not honor the "password" option in the grub.conf file for para-virtualized guests. Users with access to a guest's console could use this flaw to bypass intended access restrictions and boot the guest with arbitrary kernel boot options, allowing them to get root privileges in the guest's operating system. With this update, pyGrub correctly honors the "password" option in grub.conf for para-virtualized guests. (CVE-2009-3525)

This update also fixes the following bugs:

All Xen users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the xend service must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-xen
  • redhat-upgrade-xen-devel
  • redhat-upgrade-xen-libs
