Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 1.9
CVE Id CVE-2015-2152
Last Modified 25 Mar 2015 10:01:15
Published 18 Mar 2015 12:59:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2152

Summary

Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

Vulnerable Systems

Application

  • Xen 4.5.0


References

CONFIRM - http://xenbits.xen.org/xsa/advisory-119.html

SECTRACK - 1031919

SECTRACK - 1031806

FEDORA - FEDORA-2015-3944

FEDORA - FEDORA-2015-3721

FEDORA - FEDORA-2015-3935


Last Updated: 27 May 2016 11:08:12