Xen Security Issue Patched
An anonymous reader sends in word of a privilege escalation security issue identified in the open source Xen hypervisor. Xen has issued a hotfix and urged all users to install it. The problem was disclosed by Secunia last week. A user of a guest domain with root privileges could execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted.
Cool to see this on Slashdot. The guy who found the vulnerability is actually a customer of mine. I recently started a business in hosted Virtual Private Servers. Joris van Rantwijk, the bug reporter, was interested in becoming a customer and I said, why don't you try it out for a few weeks?
As a plus point, I let them boot their own kernels (I trust my customers). Next thing I know, he tells me to check my /root directory ON MY PHYSICAL MACHINE (i.e. domain 0 in Xen speak) where I find a file describing the exploit...
Oh, don't bother to check out my business' website, it's not yet translated into English... (I'm Dutch).