OSVDB ID: 85201

Title: Xen Grand Table Hypercall GNTTABOP_swap_grant_ref Sub-operation Input Grant Reference Verification Local Privilege Escalation

Info

Disclosure

Sep 05, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 05, 2012

Description

Xen contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the GNTTABOP_swap_grant_ref sub-operation of the Grand Table hypercall fails to properly verify input grant references. This may allow a local attacker to gain escalated privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability. Check the vendor advisory or solution in the references section.

Products

Citrix Systems, Inc.	Xen	4.2
	XenServer	5.0
		5.0 Update 3
		5.6
		5.6 FP 1
		5.6 SP 2
		6.0
		6.0.2

References

Security Tracker: 1027485
CVE ID: 2012-3516 (see also: NVD)
Secunia Advisory ID: 50472 50530 50814
Related OSVDB ID: 85196 85197 85198 85199 85200 85202
Vendor Specific Advisory URL: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00004.html
Vendor Specific News/Changelog Entry: http://support.citrix.com/article/CTX134708
http://support.citrix.com/article/CTX134876

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85201

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Citrix Systems, Inc.

Xen

XenServer

References

Credit