The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen |
||
citrix xenserver 7.0 |
||
citrix xenserver 6.5 |
||
citrix xenserver 6.2.0 |
||
citrix xenserver 6.0.2 |