FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- delimiter injection vulnerabilities in pygrub

Affected packages
xen-tools < 4.7.1

Details

VuXML ID 59f79c99-ba4d-11e6-ae1b-002590263bf5
Discovery 2016-11-22
Entry 2016-12-04

The Xen Project reports:

pygrub, the boot loader emulator, fails to quote (or sanity check) its results when reporting them to its caller.

A malicious guest administrator can obtain the contents of sensitive host files (an information leak). Additionally, a malicious guest administrator can cause files on the host to be removed, causing a denial of service. In some unusual host configurations, ability to remove certain files may be useable for privilege escalation.

References

CVE Name CVE-2016-9379
CVE Name CVE-2016-9380
FreeBSD PR ports/214936
URL https://xenbits.xen.org/xsa/advisory-198.html