This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can generate a buffer overflow via the SCSI REPORT
LUNS command of Xen, in order to trigger a denial of service, and
possibly to execute code.

Impacted products : Fedora, Unix (platform)

Severity : 2/4

Creation date : 03/10/2013

DESCRIPTION OF THE VULNERABILITY

The SCSI REPORT LUNS command indicates information on devices.

However, if a HVM guest system has more than 256 SCSI devices, an
overflow occurs.

An attacker can therefore generate a buffer overflow via the SCSI
REPORT LUNS command of Xen, in order to trigger a denial of
service, and possibly to execute code.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Xen-buffer-overflow-of-SCSI-REPORT-LUNS-13516