Xen patches admin privilege escalation vulnerability

By

Allows admins with limited privileges to take full control.

Open source hypervisor developer Xenproject has issued a patch for a management tool vulnerability that could allow administrators with limited privileges to take full control of the whole host.

Xen patches admin privilege escalation vulnerability

The flaw in the xl management tool stack was introduced with Xen 4.1 and affects all subsequent releases of the hypervisor, Xenproject said in its security advisory.

Both the x86 and ARM architecture variants of Xen are affected, but only systems using xl directly are vulnerable. Systems that use the libxl library directly without the xl command line are not vulnerable, nor are those that utilise other tool stacks.

Specifically, the flaw is due to the xl command line not handling long configuration values that are passed as arguments properly, resulting in a buffer overrun.

While Xenproject said it is not aware of "any publicly distributed production software which exposes the xl vulnerability" it noted that it is simple to exploit the flaw locally for an attacker to attempt to gain management rights to hosted domain.

A patch has been developed for the XSA-137 flaw and administrators can also mitigate against the vulnerability by limiting the length of all configuration settings for the xl command line to less than 1024 characters.

The flaw was also patched in Xen 4.5.1, released on June 29 this year, but details of the vulnerability were kept secret to allow large users of the hypervisor to deploy the fix.

Donghai Zhu of Chinese e-tailer Alibaba's security team is credited with finding the vulnerability.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?