Open source hypervisor developer Xen Project has issued a patch for a management tool vulnerability that could allow administrators with limited privileges to take full control of the whole host.
Both the x86 and ARM architecture variants of Xen are affected, but only systems using xl directly are vulnerable. Systems that use the libxl library directly without the xl command line are not vulnerable, nor are those that utilise other tool stacks.
Specifically, the flaw is due to the xl command line not properly handling long configuration values that are passed as arguments, resulting in a buffer overrun.
While Xen Project said it is not aware of "any publicly distributed production software which exposes the xl vulnerability", it noted that it is simple for an attacker to exploit the flaw locally in an attempt to gain management rights to a hosted domain.
A patch has been developed for the XSA-137 flaw, and administrators can also mitigate the vulnerability by limiting the length of all configuration settings for the xl command line to less than 1024 characters.
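One way to enforce that length limit before arguments reach xl, as an added example that is not taken from the Xen Project advisory or patch. The function names are hypothetical, each argument is treated as one setting, and length is counted in bytes, which is never smaller than the character count.

```shell
#!/bin/sh
# Added example: guard for the XSA-137 mitigation (every xl command-line
# configuration setting shorter than 1024 characters).
# Assumptions: function names are hypothetical; each argument counts as one
# setting; length is measured in bytes, so the check errs on the strict side.

XL_SETTING_LIMIT=1024   # settings must be shorter than this value

# Byte length of a string, independent of the current locale.
byte_len() {
    echo $(( $(printf '%s' "$1" | wc -c) ))
}

# Return 0 if every argument is under the limit, 1 otherwise.
# Logs only a sanitised, truncated setting name, never the oversized value.
check_xl_settings() {
    xl_rc=0
    for xl_arg in "$@"; do
        xl_len=$(byte_len "$xl_arg")
        if [ "$xl_len" -ge "$XL_SETTING_LIMIT" ]; then
            xl_name=$(printf '%.64s' "${xl_arg%%=*}" | tr -c 'A-Za-z0-9_.-' '?')
            printf 'refused: setting "%s" is %d bytes (must be under %d)\n' \
                "$xl_name" "$xl_len" "$XL_SETTING_LIMIT" >&2
            xl_rc=1
        fi
    done
    return "$xl_rc"
}

# Run xl only when all arguments pass the check; reject instead of truncating,
# so a rewritten setting is never silently applied to a domain.
guarded_xl() {
    check_xl_settings "$@" || return 64
    xl "$@"
}
```

Sourcing this file and having a delegated-administration front end call `guarded_xl` in place of `xl` applies the check to every invocation. It is a stopgap for hosts that cannot yet take the patched release.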
The flaw was also patched in Xen 4.5.1, released on June 29 this year, but details of the vulnerability were kept secret to allow large users of the hypervisor to deploy the fix.
Donghai Zhu of Chinese e-tailer Alibaba's security team is credited with finding the vulnerability.