J-Security Center

Title: Xen XenStore Domain Configuration Data Unsafe Storage Vulnerability

Severity: MODERATE

Description:

Xen is an open-source hypervisor (virtual-machine monitor). Xen allows domains to share information by reading from and writing to the XenStore shared database.

Xen is prone to a vulnerability that causes configuration information to be stored in a location that is writable by guest domains.

Guest domains are able to freely write to the '/local/domain/[domainid]' directory of XenStore. This directory includes the path of the TTY text terminal and the port of the VNC graphical interface. This information may later be used by host domain applications.

A guest domain may write malicious data to these locations. Host domain applications trusting this data may then perform unsafe actions on it.
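One way a host domain tool could treat these values as untrusted input before acting on them, as an added example that is not from this advisory or from the Xen project. The key names `console/tty` and `console/vnc-port`, the `/dev/pts/N` pattern, the 5900-5999 port range and the sample values are assumptions made for illustration.

```python
import re

# Assumed key names below the guest-writable /local/domain/[domainid] directory.
TTY_KEY = "console/tty"
VNC_KEY = "console/vnc-port"

# Assumed policy: consoles are pseudo-terminals, VNC listens on 5900-5999.
_PTS_RE = re.compile(r"/dev/pts/(0|[1-9][0-9]{0,5})")
_PORT_RE = re.compile(r"[0-9]{1,5}")
VNC_PORT_RANGE = range(5900, 6000)


class UntrustedValueError(ValueError):
    """A guest-writable XenStore value failed validation."""


def checked_tty(raw):
    # fullmatch() rejects "..", trailing newlines and any extra characters.
    if not isinstance(raw, str) or not _PTS_RE.fullmatch(raw):
        raise UntrustedValueError(f"refusing tty path {raw!r}")
    return raw


def checked_vnc_port(raw):
    # Digits only, then a range check; never pass the raw string onward.
    if not isinstance(raw, str) or not _PORT_RE.fullmatch(raw):
        raise UntrustedValueError(f"refusing vnc port {raw!r}")
    port = int(raw)
    if port not in VNC_PORT_RANGE:
        raise UntrustedValueError(f"vnc port {port} outside allowed range")
    return port


def read_console_config(entries):
    """entries: key -> string as read by the host from the guest's directory.
    Returns (accepted values, rejection reasons keyed by entry name)."""
    accepted, rejected = {}, {}
    for key, check in ((TTY_KEY, checked_tty), (VNC_KEY, checked_vnc_port)):
        try:
            accepted[key] = check(entries.get(key))
        except UntrustedValueError as exc:
            rejected[key] = str(exc)
    return accepted, rejected


# Constructed sample values, not captured from a real system.
BENIGN = {TTY_KEY: "/dev/pts/3", VNC_KEY: "5901"}
HOSTILE = {TTY_KEY: "/dev/pts/../../tmp/guest-file", VNC_KEY: "5901 --option"}
```

Validation of this kind limits what a host tool will accept, but the values remain guest-controlled; keeping host-owned copies in a location the guest cannot write avoids relying on the guest's data at all.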

Details on the consequences of this issue are not currently available. We will update this BID as more information emerges.

UPDATE (December 19, 2008): The initial proposed patches did not resolve this issue.

Xen 3.3 is vulnerable; other versions may also be affected.

Affected Products:

  • MandrakeSoft Corporate Server 4.0
  • MandrakeSoft Corporate Server 4.0.0 x86_64
  • RedHat Enterprise Linux 5 server
  • RedHat Enterprise Linux Desktop 5 client
  • RedHat Enterprise Linux Desktop Multi OS 5 client
  • RedHat Enterprise Linux Virtualization 5 server
  • XenSource Xen 3.3.0
