Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 05 Feb 2013 13:15:12 +0000
From: Xen.org security team <security@....org>
To: xen-announce@...ts.xen.org, xen-devel@...ts.xen.org,
 xen-users@...ts.xen.org, oss-security@...ts.openwall.com
CC: Xen.org security team <security@....org>
Subject: Xen Security Advisory 39 (CVE-2013-0216,CVE-2013-0217) - Linux
 netback DoS via malicious guest ring.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

    Xen Security Advisory CVE-2013-0216,CVE-2013-0217 / XSA-39
			      version 2

          Linux netback DoS via malicious guest ring.

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

The Xen netback implementation contains a couple of flaws which can
allow a guest to cause a DoS in the backend domain, potentially
affecting other domains in the system.

CVE-2013-0216 is a failure to sanity check the ring producer/consumer
pointers which can allow a guest to cause netback to loop for an
extended period preventing other work from occurring.

CVE-2013-0217 is a memory leak on an error path which is guest
triggerable.

IMPACT
======

A malicious guest can mount a DoS affecting the entire system.

VULNERABLE SYSTEMS
==================

All systems running guests with access to PV network devices are
vulnerable.

CVE-2013-0216 affects both mainline ("pvops") and classic-Xen patch
kernels.

CVE-2013-0217 affects only mainline ("pvops") kernels.

MITIGATION
==========

Running HVM guests with only emulated or passthrough NICs or PV guests
with only passthrough NICs will avoid this vulnerability.

RESOLUTION
==========

Applying the appropriate attached patches in sequence resolves this issue.

xsa39-pvops-*.patch            Apply to mainline Linux 3.8-rc2
xsa39-classic-*.patch          Apply to linux-2.6.18-xen tree.

All patches for the given branch should be applied in numerical order.

$ sha256sum xsa39*.patch
4b75961673b940f5eb31451080dd668b9119eb88db1df44db1a3ba4b0d037ce1  xsa39-classic-0001-xen-netback-garbage-ring.patch
096143750b99eb2d88970338c3f9debfbbfdaef766525a620281b28528ebe0ce  xsa39-classic-0002-xen-netback-wrap-around.patch
99cf93e37985908243b974cc726f57e592e62ae005eca52969f11fb6fdea6fb5  xsa39-pvops-0001-xen-netback-shutdown-the-ring-if-it-contains-garbage.patch
e0c4226b0910ca455f22ae117e8346d87053e9faf03ec155dd6c31e2f58a1969  xsa39-pvops-0002-xen-netback-don-t-leak-pages-on-failure-in-xen_netbk.patch
70e6cb644a57cdda7f29eb86086a8e697706c3fc974a44c52322e451fd6b9d5c  xsa39-pvops-0003-xen-netback-free-already-allocated-memory-on-failure.patch
5d0db59bbd5ad3a7efae78a6c26fc2491b7c553e5519dd946d1422a116af73dd  xsa39-pvops-0004-netback-correct-netbk_tx_err-to-handle-wrap-around.patch
$
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJREQI5AAoJEIP+FMlX6CvZLbcIAL7gpD+EzDjb+g3ZlORl1jPV
+icqyDoPWeWructbggY+YcJJc2IavNrRXBSN/9edSTUXSi7YTW+Tjeh8bcLza1JM
McWKxPtJB8CKEIAjAeT8qMVaNUNQuJQTtTLtXHGuQE6xwxK8YmgLzQSx91OOp9Bx
49GK1Ptnp7bQoEoc7B3oN6GXr/hs/FvaD0Cr481yUxXX1GxV+AL7sxXiJ4kXu1rE
UTSLFAzUfw1KWI5wP3GQCREhysCvgIq4mZyD5+TF8MUagpg+m1aURs2AUUxrJ/Zw
o+LVEKWYRsTtWIRtwYOdPHn73bllyPOrBgimTDBM9rY9CztOnN8yoPRlUz0Sux0=
=UhBt
-----END PGP SIGNATURE-----

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

[ CONTENT OF TYPE application/octet-stream SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ