The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Xen: buffer overflow of pyxc_vcpu_setaffinity

Synthesis of the vulnerability 

When the system uses the Python libxc Toolstack, a guest administrator can generate a buffer overflow in pyxc_vcpu_setaffinity() of Xen, in order to trigger a denial of service, and possibly to execute code.
Impacted systems: Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity of this alert: 2/4.
Creation date: 21/05/2013.
References of this alert: BID-59982, CERTA-2013-AVI-316, CVE-2013-2072, DSA-3041-1, FEDORA-2013-8571, FEDORA-2013-8590, openSUSE-SU-2013:1392-1, openSUSE-SU-2013:1404-1, SUSE-SU-2013:1075-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-12845, XSA-56.

Description of the vulnerability 

Xen can be configured with a Python libxc, xl or xapi Toolstack.

The pyxc_vcpu_setaffinity() function of tools/python/xen/lowlevel/xc/xc.c defines the affinity of a VCPU. However, this function does not check whether the VCPU number is larger than the size of the array in which it stores that information, so an out-of-range number is used as an index past the end of the array.

When the system uses the Python libxc Toolstack, a guest administrator can therefore generate a buffer overflow in pyxc_vcpu_setaffinity() of Xen, in order to trigger a denial of service, and possibly to execute code.
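The missing bounds check described above, shown as an added example that is not Xen's code: a constructed fixed-size CPU bitmap (64 bits, hypothetical sizes) filled from a caller-supplied list of CPU numbers, first in the unchecked form that writes past the array, then in a hardened form that validates every index against the real map size before touching memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed example, not Xen's code: a fixed-size CPU bitmap of 64 bits. */
#define MAP_CPUS   64
#define MAP_BYTES  (MAP_CPUS / 8)

/* Vulnerable pattern: the caller-supplied CPU number is used as a bit index
 * with no comparison against the map size, so any value >= MAP_CPUS writes
 * outside map[] (memory corruption, the defect class of XSA-56).
 * Shown for contrast only; never feed it untrusted input. */
void cpumap_set_unchecked(uint8_t *map, int cpu)
{
    map[cpu / 8] |= (uint8_t)(1u << (cpu % 8));
}

/* Hardened form: reject negative or too-large indices before any write, and
 * fail the whole list on the first bad value so the caller never applies a
 * half-built affinity. Returns 0 on success, -1 on an out-of-range CPU. */
int cpumap_from_list(const int *cpus, size_t n, uint8_t *map, size_t map_bytes)
{
    memset(map, 0, map_bytes);
    for (size_t i = 0; i < n; i++) {
        if (cpus[i] < 0 || (size_t)cpus[i] >= map_bytes * 8)
            return -1;                          /* would index past map[] */
        map[cpus[i] / 8] |= (uint8_t)(1u << (cpus[i] % 8));
    }
    return 0;
}

/* Count set bits so the result of a conversion can be checked. */
int cpumap_popcount(const uint8_t *map, size_t map_bytes)
{
    int count = 0;
    for (size_t i = 0; i < map_bytes; i++)
        for (int b = 0; b < 8; b++)
            count += (map[i] >> b) & 1;
    return count;
}

/* Constructed inputs: a valid list, and one containing MAP_CPUS, the first
 * value the unchecked version would write out of bounds. */
int demo_valid_list(void)
{
    const int cpus[] = {0, 3, 63};
    uint8_t map[MAP_BYTES];
    if (cpumap_from_list(cpus, 3, map, MAP_BYTES) != 0)
        return -1;
    return cpumap_popcount(map, MAP_BYTES);     /* 3 */
}

int demo_out_of_range(void)
{
    const int cpus[] = {1, MAP_CPUS};           /* 64 is one past the last CPU */
    uint8_t map[MAP_BYTES];
    return cpumap_from_list(cpus, 2, map, MAP_BYTES);  /* -1: rejected */
}
```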

This vulnerability announcement affects software or systems such as Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this vulnerability alert is medium.

The trust level is: confirmed by the vendor. The attack origin is: user shell.

An attacker with expert skill can exploit this vulnerability.

Solutions for this threat 

Xen: version 4.2.3.
Version 4.2.3 is fixed:
  http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.2
  http://www.xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-423.html

Xen: version 4.1.6.1.
Version 4.1.6.1 is fixed:
  http://www.xenproject.org/downloads/xen-archives/supported-xen-41-series/xen-4161.html
  http://xenbits.xen.org/gitweb/?p=xen.git;a=shortlog;h=refs/heads/stable-4.1

Xen: patch for pyxc_vcpu_setaffinity.
A patch is available in information sources.

Debian: new xen packages.
New packages are available:
  Debian 7: xen 4.1.4-3+deb7u3

Fedora: new xen packages.
New packages are available:
  xen-4.1.5-4.fc17
  xen-4.2.2-5.fc18

openSUSE 12.2: new xen packages.
New packages are available:
  xen-4.1.5_04-5.29.1

openSUSE 12.3: new xen packages.
New packages are available:
  xen-4.2.2_06-1.16.1

SUSE LE 11: new Xen packages.
New packages are available:
  xen-4.1.5_02-0.5.1

SUSE LE 11 SP1: new xen packages.
New packages are available:
  SUSE LE 11: xen 4.0.3_21548_16-0.5.1