Vigil@nce - Xen: denial of service via disk exhaustion by logging
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker that have administrator privileges in a guest system
can trigger logging of an excessive amount af bus access via Xen,
in order to trigger a denial of service.
– Impacted products: XenServer, Debian, Fedora, SUSE Linux
Enterprise Desktop, SLES, Ubuntu, Xen
– Severity: 1/4
– Creation date: 03/06/2015
DESCRIPTION OF THE VULNERABILITY
The Xen product may be configured to attribute some PCI address
ranges to a guest system.
When a bus access is recognized as invalid by Xen, this access may
be logged. However, no limit is defined for the amount of log
space. So a guest system may exhaust the free space of the host
disk.
An attacker that have administrator privileges in a guest system
can therefore trigger logging of an excessive amount of bus access
via Xen, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xen-denial-of-service-via-disk-exhaustion-by-logging-17053