OSVDB ID: 85196

Title: Xen VT100 Sequence Handling Address Space Overwrite Local Privilege Escalation

Info

Disclosure
Sep 05, 2012

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Sep 05, 2012

Description

 Xen contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs during the handling of VT100 sequences. This may allow a local attacker to overwrite arbitrary address spaces, which can allow the attacker to gain escalated privileges.

Classification

 Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Citrix Systems, Inc.

Xen

 4.1
4.0
3.4

XenServer

 5.0
5.0 Update 3
5.6
5.6 FP 1
5.6 SP 2
6.0
6.0.2

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/85196