Xen starts to suffer security vulnerabilities
VMware products are not the only ones suffering security vulnerabilities. The wider audience the bigger chances to find out developers errors in every software, in every industry.
So after bugs which obliged VMware to release new Workstation 6.0.1, Player 2.0.1, ACE 2.0.1 and Server 1.0.4, it’s now Xen turn.
Quoting from Secunia:
Joris van Rantwijk has reported a vulnerability in Xen, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to an input validation error in tools/pygrub/src/GrubConf.py. This can be exploited by “root” users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted.
The vulnerability is reported in Xen 3.0.3. Other versions may also be affected.
Grant only trusted users “root” privileges to guest domains.
Read the whole securiy bulletin at the source.
Since Xen is used as virtualization engine by XenSource, Virtual Iron, Novell and Red Hat, all of their commercial solutions may be affected by the same vulnerability. Check with vendors to confirm this.
virtualization.info Newest articles
June 1st, 2012
Yesterday VMTurbo announced that Dennis Hoffman, currently Senior Vice President, Service Provider at EMC Corporation, has joined the company’s Board of Directors.
With more than 20 years of industry experience…
May 30th, 2012
Today Amazon announced the availability, with no additional charge, of VM Export, the counterpart of VM Import, that allows the export EC2 instances to costumers on-premise infrastructures.
This new features…
May 30th, 2012
Yesterday the Fedora Project announced the general availability of Fedora 17, the latest version of Red Hat sponsored free open source operating system distribution.
In the rich set of new…
May 29th, 2012
Last week Quest Software announced the availability of vRanger 5.4 its backup, replication and recovery solution for VMware.
The main feature of this new release is the plug-and-play integration with…
May 28th, 2012
Last week VKernel announced the release of vOPS Server Standar 5.0 with a particular emphasis on the introduction of new automation features like on-click auto-deployment of capacity reservations, automated risk…
May 24th, 2012
Today Milan hosted the VMware Forum 2012, during the opening keynote Brian Gammage, VMware’s Chief Market Technologist, tried to collect all the news and declarations we heard in the last…
May 23rd, 2012
Yesterday VMware announced the acquisition of Wanova Inc. a company whose main product is called Mirage.
Mirage is a centralized management and recovery solution for physical desktop images over the…
May 23rd, 2012
Yesterday VMware published a paper focused on VMware vMSC (vSphere Metro Storage Cluster), a new configuration within the VMware Hardware Compatibility List intended for environments where disaster/downtime avoidance is a…
May 22nd, 2012
Yesterday, during its annual conference in Las Vegas, EMC announced the acquisition of Syncplicity, a cloud-storage privately held startup founded in 2008 and based in Menlo Park, California.
Terms…
May 21st, 2012
On May 18th Oracle announced the general availability of version 3.1 of its x86 enterprise virtualization solution VM Server.
This release follows 3.0 announced on August 24th 2011.
All the new…
May 21st, 2012
In this post, published on May 18 in VROOM! Blog, the VMware’s Performance Team presented some of the most significant enhancements and optimizations brought to Teradici‘s PCoIP protocol in the…
May 17th, 2012
On May 15th NVIDIA unveiled the NVIDIA® VGX™ platform that will be available later this year through NVIDIA’s hardware OEM and VDI partners.
This new platform promises to deliver…
May 17th, 2012
Microsoft announced this week the new Beta version of its capacity planning tool Microsoft Assessment and Planning (MAP) 7.0 Beta.
The Beta program opened on May 15th and the review…
May 15th, 2012
Today VMware announced VMware vFabric Suite 5.1, expected to be generally available in Q2 2012.
vFabric Suite 5.1 includes vFabric Application Director, to automate the deployment and management of vFabric…
Copyright © 2003-2012 virtualization.info. All rights reserved.
virtualization.info | cloudcomputing.info | virtualization.tv | Virtualization Congress