oss-sec mailing list archives
Re: CVE Request (xen)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 3 Oct 2008 17:17:44 -0400 (EDT)
We wrote this up as a libvirt issue, but is it really a Xen issue? - Steve ====================================================== Name: CVE-2008-4405 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4405 Acknowledged: yes Announced: 20080930 Flaw: other Reference: MLIST:[oss-security] 20080930 CVE Request (xen) Reference: URL:http://openwall.com/lists/oss-security/2008/09/30/6 Reference: MLIST:[xen-devel] 20080930 Re: [PATCH] [Xend] Move some backend configuration Reference: URL:http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html Reference: MLIST:[xen-devel] 20080930 [PATCH] [Xend] Move some backend configuration Reference: URL:http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html Reference: MISC:https://bugzilla.redhat.com/show_bug.cgi?id=464817 Reference: CONFIRM:http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70 Reference: CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=464818 libvirt 0.3.3 relies on files located under subdirectories of /local/domain in xenstore despite lack of protection against modification by Xen guest virtual machines, which allows guest OS users to have an unspecified impact, as demonstrated by writing to (1) the text console (console/tty) or (2) the VNC port for the graphical framebuffer. Analysis: There are two perspectives on the problem. First, one can argue that the flaw is in libvirt, because libvirt relies on untrusted data from guest VMs. Second, one can argue that the flaw is in Xen, because Xen makes it possible for guest VMs to write the untrusted data. Because the CVE request is associated with a Red Hat bug report for the libvirt product, CVE takes the first perspective.
Current thread:
- Re: CVE Request (xen) Josh Bressers (Oct 03)
- Re: CVE Request (xen) Steven M. Christey (Oct 03)
- Re: CVE Request (xen) Daniel P. Berrange (Oct 04)
- Re: CVE Request (xen) Steven M. Christey (Oct 03)