CVE-2016-9380

HIGH7.5

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file

Published Jan 23, 2017

Modified 1 years ago

Details

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

References

WEB

http://www.securityfocus.com/bid/94473

WEB

http://www.securitytracker.com/id/1037347

WEB

http://xenbits.xen.org/xsa/advisory-198.html

WEB

http://xenbits.xen.org/xsa/xsa198.patch

ADVISORY

https://security.gentoo.org/glsa/201612-56

WEB