Local Command-Injection Vulnerability in Xen - exploit.company
vendor: Xen
by: Unknown
CVSS: 7.5 (HIGH)
Command-Injection
CWE: 78
Product Name: Xen
Affected Version From: 3.0.3
Affected Version To: Unknown
Patch Exists: No
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Local Command-Injection Vulnerability in Xen

Xen is prone to a local command-injection vulnerability that can lead to privilege escalation. This issue occurs because the application fails to validate input in the 'tools/pygrub/src/GrubConf.py' script. An attacker can exploit this issue by including Python commands in a configuration file using filesystem utilities.

Mitigation: Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25825/info

Xen is prone to a local command-injection vulnerability that can lead to privilege escalation.

This issue occurs because the application fails to validate input in the 'tools/pygrub/src/GrubConf.py' script.

This vulnerability affects Xen 3.0.3; other versions may be affected as well. 

An attacker can exploit this issue by including Python commands in a configuration file using filesystem utilities. The following proof of concept is available:

Change the 'default' statement in grub.conf to:
default "+str(0*os.system(" insert evil command here "))+"
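The defensive counterpart to the input-validation failure described above, as an added example that is not code from Xen or from the advisory: a grub.conf-style parser that stores the 'default' value strictly as data and rejects anything that is not a plain integer. The function name `parse_globals`, the keyword set and the sample files are assumptions made for illustration, and real GRUB syntax accepts more forms than this sketch does.

```python
import re

# Assumed subset of numeric global grub.conf keywords (illustrative only).
NUMERIC_KEYS = {"default", "timeout", "fallback"}
LINE_RE = re.compile(r"([A-Za-z]+)\s*[=\s]\s*(.*)")
INT_RE = re.compile(r"[0-9]+\Z")


def parse_globals(text):
    """Parse the global section of a grub.conf-style file.

    Returns (settings, rejected). Values are only ever stored as data:
    nothing read from the file is passed to exec() or eval().
    """
    settings, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("title"):
            break  # first boot entry ends the global section
        m = LINE_RE.match(line)
        if not m or m.group(1) not in NUMERIC_KEYS:
            continue  # keyword without argument, or one this sketch ignores
        key, arg = m.group(1), m.group(2).strip()
        if INT_RE.match(arg):
            settings[key] = int(arg)
        else:
            rejected.append((lineno, key, arg))  # report, do not interpret
    return settings, rejected


# Constructed sample input: a benign file and one using the 'default'
# line quoted in the advisory (placeholder text left as published).
GOOD = "default=0\ntimeout 5\ntitle Guest\n  kernel /vmlinuz\n"
BAD = ('default "+str(0*os.system(" insert evil command here "))+"\n'
       "timeout=5\ntitle Guest\n")

if __name__ == "__main__":
    print(parse_globals(GOOD))
    print(parse_globals(BAD))
```

The `rejected` list doubles as an audit result: running the function over a guest's grub.conf before it is handed to a bootloader helper in the privileged domain shows which lines carry non-numeric values.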