NVD

Id
50726  
Name
CVE-2009-3525  
Description
The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest"s kernel boot parameters without providing the expected password.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2009-10-05  
Modified Date
2010-08-21  
Seq
2009-3525  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
256293 50726 CVE-2009-3525 SUSE-SR:2010:012  View
256294 50726 CVE-2009-3525 oval:org.mitre.oval:def:9466  View
256295 50726 CVE-2009-3525 [oss-security] 20090925 CVE Request -- Xen -- PyGrub  View
256296 50726 CVE-2009-3525 RHSA-2009:1472  View
256297 50726 CVE-2009-3525 36523  View
256298 50726 CVE-2009-3525 1022950  View
256299 50726 CVE-2009-3525 http://xenbits.xensource.com/xen-unstable.hg?rev/8f783adc0ee3  View
256300 50726 CVE-2009-3525 https://bugzilla.redhat.com/show_bug.cgi?id=525740  View
256301 50726 CVE-2009-3525 https://bugzilla.redhat.com/show_bug.cgi?id=525740#c0  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
41195 JVNDB-2009-002202 Xen の pyGrub ブートローダにおけるゲストの Kernel ブートパラメータを改ざん可能な脆弱性 Xen の pyGrub ブートローダには、grub.conf の password オプションをサポートしていないため、パスワード認証なしにゲストの Kernel ブートパラメータを改ざん可能な脆弱性が存在します。 CVE-2009-3525 40956 CVE-2009-3525 50726 7.2 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002202.html 2009-10-01 2009-11-11 View