[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request (Sort of urgent) -- Xen -- PyGrub
From:       Jan Lieskovsky <jlieskov () redhat ! com>
Date:       2009-09-30 9:07:37
Message-ID: 4AC31FD9.5050507 () redhat ! com
[Download RAW message or body]

Hello Steve,

   any progress while reviewing the issue and assigning a CVE?

Reformulated flaw details can be found here:
     https://bugzilla.redhat.com/show_bug.cgi?id=525740#c0

And further explanation of it's security implications here:
     https://bugzilla.redhat.com/show_bug.cgi?id=525740#c3

Thanks, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Jan Lieskovsky wrote:
> Hello Steve, vendors,
> 
>   Xen's PyGrub, when grub.conf was configured with password protection,
> did not check for the password at host boot time. An attacker, with 
> physical
> access to the host, could use this flaw to change the OS booting 
> configuration.
> 
> Upstream patches:
> -----------------
> 
> http://xenbits.xensource.com/xen-unstable.hg?rev/8f783adc0ee3
> http://xenbits.xensource.com/staging/xen-unstable.hg?rev/a28c9c2fa8de
> http://xenbits.xensource.com/xen-unstable.hg?rev/e513d565c8f1
> http://xenbits.xensource.com/xen-unstable.hg?rev/67f1b8b32585
> http://xenbits.xensource.com/xen-unstable.hg?rev/168f0cfeded0
> 
> Affected Xen versions:
> ----------------------
> Issue confirmed in Xen-3.0.3, Xen-3.3.0 and Xen-3.3.1.
> 
> References:
> -----------
> https://bugzilla.redhat.com/show_bug.cgi?id=525740
> https://bugzilla.redhat.com/show_bug.cgi?id=525740#c1 (PoC)
> 
> Could you please allocate a new CVE id?
> 
> Thanks && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team
> 

[prev in list] [next in list] [prev in thread] [next in thread]