Vigil@nce - Xen : buffer overflow of SCSI REPORT LUNS
octobre 2013 par Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate a buffer overflow via the SCSI REPORT
LUNS command of Xen, in order to trigger a denial of service, and
possibly to execute code.
Impacted products : Fedora, Unix (platform)
Severity : 2/4
Creation date : 03/10/2013
DESCRIPTION OF THE VULNERABILITY
The SCSI REPORT LUNS command indicates information on devices.
However, if a HVM guest system has more than 256 SCSI devices, an
overflow occurs.
An attacker can therefore generate a buffer overflow via the SCSI
REPORT LUNS command of Xen, in order to trigger a denial of
service, and possibly to execute code.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-buffer-overflow-of-SCSI-REPORT-LUNS-13516