Executive Summary
Information | | | |
---|---|---|---|
Name | CVE-2009-3525 | First vendor Publication | 2009-10-05 |
Vendor | Cve | Last vendor Modification | 2017-09-19 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | | |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | | | |
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 3.9 | Authentication | None Required |
Detail
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3525
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22812 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:22812 | | |
Title: | ELSA-2009:1472: xen security and bug fix update (Moderate) | | |
Description: | The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. | | |
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1472-01 CVE-2009-3525 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | xen |
Definition Id: oval:org.mitre.oval:def:29340 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:29340 | | |
Title: | RHSA-2009:1472 -- xen security and bug fix update (Moderate) | | |
Description: | Updated xen packages that fix a security issue and multiple bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. | | |
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1472 CESA-2009:1472-CentOS 5 CVE-2009-3525 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | xen |
Definition Id: oval:org.mitre.oval:def:9466 | | | |
---|---|---|---|
Oval ID: | oval:org.mitre.oval:def:9466 | | |
Title: | The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. | | |
Description: | The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. | | |
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-3525 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 3 |
OpenVAS Exploits
Date | Name | File |
---|---|---|
2011-08-09 | CentOS Update for xen CESA-2009:1472 centos5 i386 | nvt/gb_CESA-2009_1472_xen_centos5_i386.nasl |
2009-11-11 | CentOS Security Advisory CESA-2009:1472 (xen) | nvt/ovcesa2009_1472.nasl |
2009-10-06 | RedHat Security Advisory RHSA-2009:1472 | nvt/RHSA_2009_1472.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58621 | Xen pyGrub Boot Loader Para-virtualized Guest Password Bypass |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2009-1472.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20091001_xen_on_SL5_x.nasl | ACT_GATHER_INFO |
2010-12-02 | The remote SuSE 11 host is missing one or more security updates. | suse_11_xen-201004-100220.nasl | ACT_GATHER_INFO |
2010-12-02 | The remote SuSE 11 host is missing one or more security updates. | suse_11_xen-201004-100331.nasl | ACT_GATHER_INFO |
2010-05-26 | The remote openSUSE host is missing a security update. | suse_11_1_xen-201004-100220.nasl | ACT_GATHER_INFO |
2010-01-06 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2009-1472.nasl | ACT_GATHER_INFO |
2009-10-02 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2009-1472.nasl | ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2021-05-04 12:10:17 | |
2021-04-22 01:10:42 | |
2020-05-23 00:24:24 | |
2017-09-19 09:23:25 | |
2016-04-26 19:10:34 | |
2014-06-14 13:28:18 | |
2014-02-17 10:51:52 | |
2013-05-10 23:58:39 | |