Multiple vulnerabilities in Xen

Updated: 2020-08-11
Risk: High
Patch available: Yes
Number of vulnerabilities: 3
CVE-ID: CVE-2011-3262, CVE-2011-1583, CVE-2011-1898
CWE-ID: CWE-399, CWE-20, CWE-264
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Xen (Server applications / Virtualization software)
Vendor: Xen Project

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Resource management error

EUVDB-ID: #VU44799

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2011-3262

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to "Lack of error checking in the decompression loop."

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 3.2.0 - 4.1.0

External links

https://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html
https://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html
https://secunia.com/advisories/55082
https://security.gentoo.org/glsa/glsa-201309-24.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/69381


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU44802

Risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2011-1583

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 3.2.0 - 4.1.0

External links

https://lists.xensource.com/archives/html/xen-devel/2011-05/msg00483.html
https://lists.xensource.com/archives/html/xen-devel/2011-05/msg00491.html
https://rhn.redhat.com/errata/RHSA-2011-0496.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU44803

Risk: Medium

CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-1898

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated privileged user to execute arbitrary code.

Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xen: 4.0.0 - 4.1.0

External links

https://lists.fedoraproject.org/pipermail/package-announce/2011-June/062112.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-June/062139.html
https://lists.opensuse.org/opensuse-security-announce/2011-08/msg00017.html
https://lists.opensuse.org/opensuse-security-announce/2011-08/msg00018.html
https://theinvisiblethings.blogspot.com/2011/05/following-white-rabbit-software-attacks.html
https://www.invisiblethingslab.com/resources/2011/Software%20Attacks%20on%20Intel%20VT-d.pdf
https://xen.1045712.n5.nabble.com/Xen-security-advisory-CVE-2011-1898-VT-d-PCI-passthrough-MSI-td4390298.html
https://xen.org/download/index_4.0.2.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.