oss-sec mailing list archives

Re: New Xen ioemu: PVFB backend issue

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 23 Jun 2008 14:41:31 -0400 (EDT)


On Thu, 19 Jun 2008, Nico Golde wrote:

Can you take care about the remaining steps to get this on
the mitre site or Steve could you update this? Quite some
time passed since this was assigned :)


There was enough in the initial post, I just missed it the first time
around.

Any idea on affected Xen versions?

- Steve

======================================================
Name: CVE-2008-1952
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1952
Reference: MLIST:[Xen-devel] 20080521 [PATCH] ioemu: Fix PVFB backend to limit frame buffer size
Reference: URL:http://lists.xensource.com/archives/html/xen-devel/2008-05/msg00421.html
Reference: MLIST:[oss-security] 20080521 New Xen ioemu: PVFB backend issue
Reference: URL:http://www.openwall.com/lists/oss-security/2008/05/21/9
Reference: CONFIRM:http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721

The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in
Xen ioemu does not properly restrict the frame buffer size, which
allows attackers to cause a denial of service (crash) by mapping an
arbitrary amoount of guest memory.

Current thread:

[vendor-sec] [oss-security] New Xen ioemu: PVFB backend issue Jan Lieskovsky (May 21)
- Re: New Xen ioemu: PVFB backend issue Nico Golde (Jun 19)
  - Re: New Xen ioemu: PVFB backend issue Steven M. Christey (Jun 23)
    - Re: [vendor-sec] Re: [oss-security] New Xen ioemu: PVFB backend issue Robert Buchholz (Jun 24)