OSVDB ID: 85203

Title: Xen VNC Graphical Display Key Sequence Handling Local Privilege Escalation

Info

Disclosure

Sep 06, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Sep 06, 2012

Description

Xen contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in the VNC graphical display during the handling of a certain key sequence. This may allow a local attacker to gain escalated privileges.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

Products

Citrix Systems, Inc.	Xen	4.0
		4.2
		4.1

References

CVE ID: 2012-4411 (see also: NVD)
Related OSVDB ID: 34304
Secunia Advisory ID: 50493 50517 51324 51352 51413
Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00012.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
http://www.debian.org/security/2012/dsa-2543
Vendor Specific Advisory URL: http://lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00008.html
Vendor URL: http://www.xen.org/products/xenhyp.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/85203

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Citrix Systems, Inc.

Xen

References

Credit