<!– Xen multiple security vulnerabilities –>
Xen multiple security vulnerabilities
news /
advisories /
forum /
software /
advertising /
search /
exploits
<!–
google_ad_client = “pub-9080155680222782”;
google_ad_width = 468;
google_ad_height = 15;
google_ad_format = “468x15_0ads_al”;
//2007-01-19: Inside
google_ad_channel = “6209105484”;
google_color_border = “333333”;
google_color_bg = “0D0030”;
google_color_link = “AAAAAA”;
google_color_text = “999999”;
google_color_url = “C0C0C0”;
//–><!– script type="text/javascript"
src=”http://pagead2.googlesyndication.com/pagead/show_ads.js” –>
BUGTRAQSecurityVulns ID:12030Type:XEN : Xen 3.2 XEN : Xen 3.3 XEN : Xen 4.0 XEN : Xen 4.1CVE:CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allows local users to cause a denial of service (management software infinite loop and management domain resource consumption) via unspecified vectors related to “Lack of error checking in the decompression loop.”) CVE-2011-1898 (Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by “using DMA to generate MSI interrupts by writing to the interrupt injection registers.”) CVE-2011-1583 (Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.) CVE-2011-1166Discuss:Read or add your comments to this news (0 comments)
test server
Article source: http://securityvulns.com/news/Xen/1111.html
View full post on National Cyber Security