Vulnerabilities in Xen that allow a guest environment to gain access to the host system
A series of security vulnerabilities has been found in the virtualization components based on the Xen hypervisor. An integer overflow (CVE-2013-2194) in the ELF parser, which is used to load kernels for guest systems, can be used to execute code on the host system.
The problem occurs only when a guest system running in paravirtualization (PV) mode is allowed to specify a custom kernel. Systems in which guests use a kernel specified by the host system are not affected.
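The page names the bug class (an integer overflow in the ELF parser that loads guest kernels) but not the exact flaw. As an added illustration, not Xen's code, the C example below shows how a segment bounds check on untrusted header fields can wrap around, next to an overflow-safe form; the struct, function names and sample values are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The program-header fields a loader uses to place one segment (ELF64 widths). */
struct seg {
    uint64_t p_offset; /* start of the segment's bytes inside the image file */
    uint64_t p_filesz; /* number of bytes to copy out of the image */
    uint64_t p_memsz;  /* size of the segment once loaded (>= p_filesz) */
};

/* Naive bound: the sum can wrap modulo 2^64 and then look small. */
static int in_image_naive(const struct seg *s, uint64_t image_size)
{
    return s->p_offset + s->p_filesz <= image_size;
}

/* Safe bound: subtract from the trusted size instead of adding untrusted values. */
static int in_image_checked(const struct seg *s, uint64_t image_size)
{
    return s->p_offset <= image_size && s->p_filesz <= image_size - s->p_offset;
}

/* Copy one segment into dst; returns 0 on success, -1 if a header field is out of range. */
static int load_segment(const uint8_t *image, size_t image_size,
                        const struct seg *s, uint8_t *dst, size_t dst_size)
{
    if (!in_image_checked(s, image_size))
        return -1;
    if (s->p_memsz < s->p_filesz || s->p_memsz > dst_size)
        return -1;
    memcpy(dst, image + s->p_offset, (size_t)s->p_filesz);
    memset(dst + s->p_filesz, 0, (size_t)(s->p_memsz - s->p_filesz)); /* zero-fill tail */
    return 0;
}

int main(void)
{
    static uint8_t image[4096], dst[8192];               /* constructed sample buffers */
    const struct seg good = { 512, 1024, 2048 };         /* lies inside the image */
    const struct seg wrap = { UINT64_MAX - 15, 32, 32 }; /* offset + filesz wraps to 16 */

    printf("naive accepts wrap:   %d\n", in_image_naive(&wrap, sizeof image));
    printf("checked accepts wrap: %d\n", in_image_checked(&wrap, sizeof image));
    printf("load good: %d, load wrap: %d\n",
           load_segment(image, sizeof image, &good, dst, sizeof dst),
           load_segment(image, sizeof image, &wrap, dst, sizeof dst));
    return 0;
}
```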
The second vulnerability is caused by an error in checking access rights to the console in the libxl (libxenlight) library. It makes possible an attack that may give the guest environment access to the contents of files on the host system. Access is possible for both reading and writing, but only with the rights of the user under which the xenconsole application runs (most likely xenconsole will be launched by an administrator connecting to one of the guest systems). For HVM guest systems, in addition to files, an attacker can take control of network resources in the QEMU device model hierarchy, for example to redirect the console's VNC port to another port in order to bypass firewall blocking.