Xen pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY Local Command Injection Vulnerability
BID:25825
Info
| Bugtraq ID: | 25825 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4993 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 22 2007 12:00AM |
| Updated: | Nov 15 2007 12:37AM |
| Credit: | Joris van Rantwijk discovered this issue. |
| Vulnerable: | XenSource Xen 3.0.3; Ubuntu Ubuntu Linux 7.04 sparc; Ubuntu Ubuntu Linux 7.04 powerpc; Ubuntu Ubuntu Linux 7.04 i386; Ubuntu Ubuntu Linux 7.04 amd64; rPath rPath Linux 1; Redhat Fedora Core7; Redhat Enterprise Linux Virtualization 5 Server; Redhat Enterprise Linux Desktop Multi OS 5 client; Redhat Enterprise Linux Desktop 5 client; Redhat Enterprise Linux 5 Server; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 4.0; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
Xen is prone to a local command-injection vulnerability that can lead to privilege escalation.
This issue occurs because the application fails to validate input in the 'tools/pygrub/src/GrubConf.py' script.
This vulnerability affects Xen 3.0.3; other versions may be affected as well.
Exploit / POC
An attacker can exploit this issue by including Python commands in a configuration file using filesystem utilities. The following proof of concept is available:
Change the 'default' statement in grub.conf to:
default "+str(0*os.system(" insert evil command here "))+"
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Solution:
Please see the referenced advisories for more information.
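To make the missing validation concrete, here is an added illustration (not Xen's GrubConf.py and not taken from the advisories). `UnsafeConf` assumes the directive value is pasted into a Python statement and executed, which is consistent with the quoting in the proof-of-concept 'default' line above; `SafeConf` keeps values as data and validates each directive. All class and function names are hypothetical, and the hostile sample is constructed with a harmless `len()` call.

```python
# Added illustration; not Xen's GrubConf.py. All names here are hypothetical.

class UnsafeConf:
    """Assumed bug class: the directive value is pasted into Python source."""
    def set(self, key, value):
        # The value becomes part of the statement that exec() runs.
        exec('self.%s = r"%s"' % (key, value), {}, {"self": self})

class SafeConf:
    """Values stay data; every directive has an explicit validator."""
    VALIDATORS = {"default": int, "timeout": int, "title": str}

    def set(self, key, value):
        if key not in self.VALIDATORS:
            raise ValueError("unknown directive: %r" % key)
        try:
            setattr(self, key, self.VALIDATORS[key](value.strip()))
        except ValueError:
            raise ValueError("bad value for %s: %r" % (key, value)) from None

def parse(conf, text):
    """Feed 'key value' lines of a grub.conf-style file to conf.set()."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        conf.set(key, value.strip())
    return conf

# Constructed input: same quoting shape as the PoC, with a harmless len() call.
HOSTILE = 'default "+str(0*len("marker"))+"\ntimeout 5\n'
BENIGN = "default 1\ntimeout 5\n"

def demo():
    unsafe = parse(UnsafeConf(), HOSTILE)   # expression is evaluated
    try:
        parse(SafeConf(), HOSTILE)
        rejected = False
    except ValueError:
        rejected = True                     # non-integer 'default' refused
    safe = parse(SafeConf(), BENIGN)
    return unsafe.default, rejected, safe.default

if __name__ == "__main__":
    print(demo())
```

The unsafe parser ends up with a 'default' of "0" after evaluating the embedded expression, so a tampered file can still produce a plausible-looking parsed value; validation has to be applied to the raw text of the directive, not to the result.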
References
References:
- Xen Project Homepage (Xen Project)
- XenSource Bugzilla Bug 1068 (XenSource)
- RHSA-2007:0323-2 xen security update (Red Hat)
- Ubuntu Security Notice USN-527-1 (Ubuntu)