FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xen-tools -- xl command line config handling stack overflow

Affected packages
4.1 <= xen-tools < 4.5.0_8

Details

VuXML ID f1deed23-27ec-11e5-a4a5-002590263bf5
Discovery 2015-07-07
Entry 2015-07-11

The Xen Project reports:

The xl command line utility mishandles long configuration values when passed as command line arguments, with a buffer overrun.

A semi-trusted guest administrator or controller, who is intended to be able to partially control the configuration settings for a domain, can escalate their privileges to that of the whole host.

References

CVE Name CVE-2015-3259
URL http://xenbits.xen.org/xsa/advisory-137.html