OSVDB ID: 85196

Title: Xen VT100 Sequence Handling Address Space Overwrite Local Privilege Escalation

Dates

Disclosure: Sep 05, 2012
Discovery: Unknown
Exploit: Unknown
Solution: Sep 05, 2012

Description

Xen contains a flaw that may allow an attacker to gain elevated privileges. The issue is triggered when an error occurs during the handling of VT100 sequences. This may allow a local attacker to overwrite arbitrary address space, which in turn can allow the attacker to escalate privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

It has been reported that this issue has been fixed. Upgrade to version 4.1.4, or higher, to address this vulnerability.

Products

Citrix Systems, Inc.

XenServer

5.0
5.0 Update 3
5.6
5.6 FP 1
5.6 SP 2
6.0
6.0.2

The Linux Foundation

Xen

4.1.0
4.1.2
4.1.1
4.1.3
4.1.4
4.0.0
4.0.2
4.0.1
4.0.3
4.0.4

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/85196