CVE-2016-9380

EUVD-2016-10190
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
LOCAL
HIGH
LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
xenxen
*
citrixxenserver
6.0.2
citrixxenserver
6.2.0
citrixxenserver
6.5
citrixxenserver
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
precise
Fixed 4.1.6.1-0ubuntu0.12.04.13
released
trusty
Fixed 4.4.2-0ubuntu0.14.04.9
released
xenial
Fixed 4.6.0-1ubuntu4.3
released
yakkety
Fixed 4.7.0-0ubuntu2.1
released
zesty
Fixed 4.8.0-1ubuntu1
released
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/94473
http://www.securitytracker.com/id/1037347
http://xenbits.xen.org/xsa/advisory-198.html
http://xenbits.xen.org/xsa/xsa198.patch
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775
http://www.securityfocus.com/bid/94473
http://www.securitytracker.com/id/1037347
http://xenbits.xen.org/xsa/advisory-198.html
http://xenbits.xen.org/xsa/xsa198.patch
https://security.gentoo.org/glsa/201612-56
https://support.citrix.com/article/CTX218775