Xen XenStore Domain Configuration Data Insecure Storage Vulnerability

Vulnerability ID: 1116286
Vulnerability type: Permissions, privileges and access control
Published: 2008-09-30
Updated: 2009-02-06
CVE ID: CVE-2008-4405
CNNVD-ID: CNNVD-200810-034
Platform: Linux
CVSS score: 7.2
|Vulnerability source
https://www.exploit-db.com/exploits/32446
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-034
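|Vulnerability details
xend in Xen does not properly restrict the capacity of the /local/domain xenstore directory tree, nor does it restrict a guest VM's write access within that tree. This allows a guest OS user to cause a denial of service, and possibly other unspecified impact, by writing to console/tty, console/limit, or image/device-model-pid.
|Exploit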
source: http://www.securityfocus.com/bid/31499/info

Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains.

UPDATE (December 19, 2008): The initial proposed patches did not resolve this issue.

Xen 3.3 is vulnerable; other versions may also be affected. 

# yum install xen
# xenstore-write /local/domain/GUEST-DOMID/console/tty /i/am/the/evil/guest
|References

Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=464818
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=464817
Source: xenbits.xensource.com
Link: http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70
Source: SECTRACK
Name: 1020955
Link: http://www.securitytracker.com/id?1020955
Source: BID
Name: 31499
Link: http://www.securityfocus.com/bid/31499
Source: MLIST
Name: [oss-security] 20081004 Re: CVE Request (xen)
Link: http://www.openwall.com/lists/oss-security/2008/10/04/3
Source: MANDRIVA
Name: MDVSA-2009:016
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:016
Source: VUPEN
Name: ADV-2008-2709
Link: http://www.frsirt.com/english/advisories/2008/2709
Source: SECUNIA
Name: 32064
Link: http://secunia.com/advisories/32064
Source: MLIST
Name: [oss-security] 20080930 CVE Request (xen)
Link: http://openwall.com/lists/oss-security/2008/09/30/6
Source: MLIST
Name: [xen-devel] 20080930 Re: [PATCH] [Xend] Move some backend configuration
Link: http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html
Source: MLIST
Name: [