Xen project Mailing List

[Xen-announce] Xen Security Advisory 55 - Multiple vulnerabilities in libelf PV kernel handling

To: xen-announce@xxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, xen-users@xxxxxxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx

From: Xen.org security team <security@xxxxxxx>

Date: Fri, 07 Jun 2013 16:57:31 +0000

Cc: "Xen.org security team" <security@xxxxxxx>

Delivery-date: Fri, 07 Jun 2013 17:00:01 +0000

List-id: "Xen announcements \(low volume\)" <xen-announce.lists.xen.org>

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory XSA-55 version 2 Multiple vulnerabilities in libelf PV kernel handling UPDATES IN VERSION 2 ==================== Updated information regarding the status of the fix. STATUS OF THE FIX ================= Due to the unintended early release of these patches they have not received as much review or testing as we would have liked. As discussed on xen-devel, the patches distributed with version 2 of the advisory are known to introduce regressions and also additional issues in the same have been discovered. An updated patch series is in preparation. Technical assistance with review of the drafts would be greatly appreciated. Under the circumstances, we are sending version of this advisory out without any attached patches. We have not yet been assigned a CVE number for this issue. ISSUE DESCRIPTION ================= The ELF parser used by the Xen tools to read domains' kernels and construct domains has multiple integer overflows, pointer dereferences based on calculations from unchecked input values, and other problems. IMPACT ====== A malicious PV domain administrator who can specify their own kernel can escalate their privilege to that of the domain construction tools (i.e., normally, to control of the host). Additionally a malicious HVM domain administrator who is able to supply their own firmware ("hvmloader") can do likewise; however we think this would be very unusual and it is unlikely that such configurations exist in production systems. VULNERABLE SYSTEMS ================== All Xen versions are affected. Installations which only allow the use of trustworthy kernels for PV domains are not affected. MITIGATION ========== Ensuring that PV guests use only trustworthy kernels will avoid this problem. RESOLUTION ========== The patch series to properly resolve this issue is under development. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJRshDXAAoJEIP+FMlX6CvZfjEIAICD3oeHvE8DsECuI2hEc7ZY KebriUO5XccEzqXF4oCyhkhj54MuZvZI5+n9ha/rbucvBfMzA90EMFOu9TUQr8eR NANbVn52X7an+a8cfTBQJHmzUbP9SSO3/8abArmQFm9W7dzPWfMZY2LJ9NE2zUG1 vHPgx5vZTVVKPf2UtWxQnAEggCoemWk7qn9p9Sy7z72JjwLFzShflSXZZju4bgcW ncl9Ww0QCsNC0JxnunhvmO/3Xg5j45+nNxqEpUZ5f+KToFs/n9hQTkm2fSHTOOsW 9ojSG05sUR/6/DyAc3vRwDTBTmYRHM+CQIL2n3FFUh1yT/Y+lW1qJvZMRz/1ph0= =fELy -----END PGP SIGNATURE-----

_______________________________________________ Xen-announce mailing list Xen-announce@xxxxxxxxxxxxx http://lists.xen.org/xen-announce

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.