similar to: PV privilege escalation - advisory

Source: xen Version: 4.1.2-2 Severity: critical Tags: security Justification: allows PV domains to escape into the dom0 context Hi, I realize you're most likely pretty well aware of that problem already, but Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue is tracked as CVE-2012-0217 and public as of today. Therefore I am filing this bug for coordination

Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8

Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8

Package: xen-3 Severity: grave Tags: security Justification: user security hole Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2008-2004[0]: | The drive_init function in QEMU 0.9.1 determines the format of a raw | disk image based on the header, which allows local guest users to read | arbitrary files on the host by modifying the header to identify

Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix

Hi all, I''ve been trying to install Windows Server 2008 R2 under Xen 3.1 on Red Hat, but it keeps blue screening after the first reboot during the install. It seems to only affect 2008 R2. Windows Server 2008 installs fine, rebooting a couple of times along the way. With R2, it will go through the initial unpack and install, and then it reboots. I''m installing it

Distro: debian unstable Xen version: 4.0.0-2 This is the config: #HVM #still no qemu-dm in debian #kernel = "/usr/lib/xen-4.0/boot/hvmloader" #builder = ''hvm'' #memory = 2048 #name = "webserver" #vif = [''bridge=eth0''] #disk = [''tap:tapdisk:aio:/srv/xen/webserver.img,xvda,w'',''phy:/dev/cdrom,xvdb:cdrom,r'']

tags 446771 + patch thanks Hi, attached is a patch to fix this if you don't already have one. Kind regards Nico -- Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: CVE-2007-4993.patch Type: text/x-diff Size: 4742

Guys! I have one fiber channel IBM storage (10T) and 8 HP Proliant servers with 32G of RAM on each and 1 HP with 4G of RAM. My question is: * How to use the same storage (block device) with all my different virtualization servers simultaneously? I have 2 open source Xen with CentOS 5.4, 2 VMWare ESX, 2 Citrix XenServer, 2 KVM powered by Ubuntu and 1 Debian exporting the IBM storage to a SAN

Hi, we have Xen 3.4.1 Dom0 Debian 5.0 x64 server - headless. Now we would like to install OpenSUSE 11.2 PV domU. Does anybody has pointers how to do it or even ready domU image? Thanks Peter _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

Hi - Looking at https://news.ycombinator.com/item?id=5703758 I have just tried this on a fully patched 6.4 box and it seems vulnerable - Do other see the same? thanks

What is the best way to compile xen on centos 5.3? Also I need to able to kmod Yum kmod-drbd with the new version of xen. I belive that if I want to use xen 3.4.1 I have to re compile kernel right? I''m currently using kernel 2.6.18-127 from centos 5.3 but is running xen 3.1 only from yum Sent from my iPhone _______________________________________________ Xen-users mailing list

Hi list, we have spotted a serious problem with our Samba (Debian version 3.0.24-6) on linux 2.4.31, ext2 with ACLs enabled. We use "hide unreadable = yes" to reduce clutter for our users. Today we noticed that with this option enabled any linux client can access and read *all* directories under the share, even directories that are owned by root and set to 0700. No ACLs are set on the

Hello, I created a paravirtualized Debian Squeeze guest (using virt-manager), after completing the initial setup I was asked to reboot, in order to finalise the installation. The guest startup breaks down with the error message: Error starting domain: POST operation failed: xend_post: error from xen daemon: (xend.err "Error creating domain: Boot loader didn''t return any

Hi Guys! I have a very interesting problem. I run gentoo and have been running xen-3.4.2 on 2 server computers (Supermicro-based, IBM). A little time ago, I have tried to upgrade xen-3.4.2 to xen-4.0.0 (with emerge) on the Supermicro server, but the computer wasn''t able to boot with the following breakdown: [ 62.848947] 0800 1315427328 sda driver: sd [ 62.849264] 0801 208813 sda1 [

Affected Software: rssh - all versions prior to 2.3.0 Vulnerability: local user privilege escalation Severity: *CRITICAL* Impact: local users can gain root access Solution: Please upgrade to v2.3.1 Summary ------- rssh is a restricted shell which allows a system administrator to limit users' access to a system via SSH to scp, sftp, rsync, rdist, and cvs. It also allows the system

Hi, I installed XEN 3.4-testing version without much problems in CentOS 5.3 running on quadcore Intel Nahelam processors using the following installation steps (as in the README) : <steps> hg clone http://xenbits.xensource.com/xen-3.4-testing.hg` cd xen-unstable.hg make world make install make linux-2.6-xen-config CONFIGMODE=menuconfig make linux-2.6-xen-build make linux-2.6-xen-install

Hello, I am running xen-3.3.1 with rhel5.3 dom0. I have a rhel5.3 domU that is stuck in the boot process. It seems it is trying to bring up the network. We see this problem only occassionally. This is the last console output: Running configure_os... Warning: Configuring networking... Warning: HOSTNAME is not defined Updating ifcfg-eth0 [ OK ] Allowing IPv4 link local addresses [ OK ]

Hi, We have a XEN Server running on CentOS 5.5. Details are given below. We have several guest OSs running, but we are unable to install Windows 2008 R2. We can install any 32-bit version of Windows (Vista, 7 etc). When we attempt the install, the process starts as normal, but when the process finishes loading files from the media (just before it enters GUI mode), it Blue Screens with a

From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from