similar to: PV privilege escalation - advisory

Displaying 20 results from an estimated 7000 matches similar to: "PV privilege escalation - advisory"

2012 Jun 12
3
Bug#677221: xen: Xen PV privilege escalation (CVE-2012-0217)
Source: xen Version: 4.1.2-2 Severity: critical Tags: security Justification: allows PV domains to escape into the dom0 context Hi, I realize you're most likely pretty well aware of that problem already, but Debian's Xen versions are vulnerable to a PV privilege escalation [1]. The issue is tracked as CVE-2012-0217 and public as of today. Therefore I am filing this bug for coordination
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server Internal reference: DOV-5320 Vulnerability type: Improper Access Control (CWE-284) Vulnerable version: 2.2 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed in main Researcher credits: Julian Brook (julezman) Vendor notification: 2022-05-06 CVE reference: CVE-2022-30550 CVSS: 6.8
2008 Jul 12
3
Bug#490409: CVE-2008-2004: privilege escalation
Package: xen-3 Severity: grave Tags: security Justification: user security hole Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-3. CVE-2008-2004[0]: | The drive_init function in QEMU 0.9.1 determines the format of a raw | disk image based on the header, which allows local guest users to read | arbitrary files on the host by modifying the header to identify
2009 Sep 11
5
installing Windows 2008 R2
Hi all, I''ve been trying to install Windows Server 2008 R2 under Xen 3.1 on Red Hat, but it keeps blue screening after the first reboot during the install. It seems to only affect 2008 R2. Windows Server 2008 installs fine, rebooting a couple of times along the way. With R2, it will go through the initial unpack and install, and then it reboots. I''m installing it
2010 Jun 22
18
blktap2 does not work
Distro: debian unstable Xen version: 4.0.0-2 This is the config: #HVM #still no qemu-dm in debian #kernel = "/usr/lib/xen-4.0/boot/hvmloader" #builder = ''hvm'' #memory = 2048 #name = "webserver" #vif = [''bridge=eth0''] #disk = [''tap:tapdisk:aio:/srv/xen/webserver.img,xvda,w'',''phy:/dev/cdrom,xvdb:cdrom,r'']
2009 Dec 09
5
Shared storage between open Xen, VMware ESX, XenServer, KVM and a normal Linux...
Guys! I have one fiber channel IBM storage (10T) and 8 HP Proliant servers with 32G of RAM on each and 1 HP with 4G of RAM. My question is: * How to use the same storage (block device) with all my different virtualization servers simultaneously? I have 2 open source Xen with CentOS 5.4, 2 VMWare ESX, 2 Citrix XenServer, 2 KVM powered by Ubuntu and 1 Debian exporting the IBM storage to a SAN
2010 Feb 10
6
OpenSUSE 11.2 domU install
Hi, we have Xen 3.4.1 Dom0 Debian 5.0 x64 server - headless. Now we would like to install OpenSUSE 11.2 PV domU. Does anybody has pointers how to do it or even ready domU image? Thanks Peter _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
2008 Mar 06
1
Bug#469654: xen-unstable: CVE-2008-0928 privilege escalation
Package: xen-unstable Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xen-unstable. CVE-2008-0928[0]: | Qemu 0.9.1 and earlier does not perform range checks for block device | read or write requests, which allows guest host users with root | privileges to access arbitrary memory and escape the virtual machine. If you fix
2013 May 14
3
Local Privilege Escalation
Hi - Looking at https://news.ycombinator.com/item?id=5703758 I have just tried this on a fully patched 6.4 box and it seems vulnerable - Do other see the same? thanks
2009 Sep 16
3
Best way to compile xen 3.4.1 on centos 5.3
What is the best way to compile xen on centos 5.3? Also I need to able to kmod Yum kmod-drbd with the new version of xen. I belive that if I want to use xen 3.4.1 I have to re compile kernel right? I''m currently using kernel 2.6.18-127 from centos 5.3 but is running xen 3.1 only from yum Sent from my iPhone _______________________________________________ Xen-users mailing list
2007 Oct 15
1
Bug#446771: CVE-2007-4993 privilege escalation
tags 446771 + patch thanks Hi, attached is a patch to fix this if you don't already have one. Kind regards Nico -- Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. -------------- next part -------------- A non-text attachment was scrubbed... Name: CVE-2007-4993.patch Type: text/x-diff Size: 4742
2011 Feb 24
6
can''t run Debian guest
Hello, I created a paravirtualized Debian Squeeze guest (using virt-manager), after completing the initial setup I was asked to reboot, in order to finalise the installation. The guest startup breaks down with the error message: Error starting domain: POST operation failed: xend_post: error from xen daemon: (xend.err "Error creating domain: Boot loader didn''t return any
2010 Sep 09
4
xen upgrade problem, cant boot from 3.4.2 to 4.0.0
Hi Guys! I have a very interesting problem. I run gentoo and have been running xen-3.4.2 on 2 server computers (Supermicro-based, IBM). A little time ago, I have tried to upgrade xen-3.4.2 to xen-4.0.0 (with emerge) on the Supermicro server, but the computer wasn''t able to boot with the following breakdown: [ 62.848947] 0800 1315427328 sda driver: sd [ 62.849264] 0801 208813 sda1 [
2005 Dec 30
5
rssh: root privilege escalation flaw
Affected Software: rssh - all versions prior to 2.3.0 Vulnerability: local user privilege escalation Severity: *CRITICAL* Impact: local users can gain root access Solution: Please upgrade to v2.3.1 Summary ------- rssh is a restricted shell which allows a system administrator to limit users' access to a system via SSH to scp, sftp, rsync, rdist, and cvs. It also allows the system
2009 Aug 25
14
3.4-testing : Kernel panic on bootup (mount: could not find filesystem /dev/root/)
Hi, I installed XEN 3.4-testing version without much problems in CentOS 5.3 running on quadcore Intel Nahelam processors using the following installation steps (as in the README) : <steps> hg clone http://xenbits.xensource.com/xen-3.4-testing.hg` cd xen-unstable.hg make world make install make linux-2.6-xen-config CONFIGMODE=menuconfig make linux-2.6-xen-build make linux-2.6-xen-install
2010 Jun 16
4
DomU stuck in boot
Hello, I am running xen-3.3.1 with rhel5.3 dom0. I have a rhel5.3 domU that is stuck in the boot process. It seems it is trying to bring up the network. We see this problem only occassionally. This is the last console output: Running configure_os... Warning: Configuring networking... Warning: HOSTNAME is not defined Updating ifcfg-eth0 [ OK ] Allowing IPv4 link local addresses [ OK ]
2011 Jun 20
16
64bit Windows Guest Blue Screens on install
Hi, We have a XEN Server running on CentOS 5.5. Details are given below. We have several guest OSs running, but we are unable to install Windows 2008 R2. We can install any 32-bit version of Windows (Vista, 7 etc). When we attempt the install, the process starts as normal, but when the process finishes loading files from the media (just before it enters GUI mode), it Blue Screens with a
2007 Jul 12
1
Urgent, Security: Privilege Escalation in 3.0.24?
Hi list, we have spotted a serious problem with our Samba (Debian version 3.0.24-6) on linux 2.4.31, ext2 with ACLs enabled. We use "hide unreadable = yes" to reduce clutter for our users. Today we noticed that with this option enabled any linux client can access and read *all* directories under the share, even directories that are owned by root and set to 0700. No ACLs are set on the
2011 Dec 22
0
[PATCH] Security: Mitigate possible privilege escalation via SG_IO ioctl (CVE-2011-4127, RHBZ#757071)
From: "Richard W.M. Jones" <rjones at redhat.com> CVE-2011-4127 is a serious qemu & kernel privilege escalation bug found by Paolo Bonzini. http://seclists.org/oss-sec/2011/q4/536 An untrusted guest kernel is able to issue special SG_IO ioctls on virtio devices which qemu passes through to the host kernel without filtering or sanitizing. These ioctls allow raw sectors from