News and insights on how end users are deploying server virtualization to better manage their IT infrastructure - from Tim Walsh, Director of Marketing at Virtual Iron
Tim Walsh
Xen Security Flaws and Virtual Iron

This past weekend, there was some online discussion about security flaws in the Xen open source hypervisor. Specifically, it was reported that there is a vulnerability in Xen which can be exploited by malicious, local users to gain escalated privileges.

I want to make sure everybody who is using Virtual Iron or is thinking of using Virtual Iron knows that this flaw does not impact Virtual Iron software at all.

The vulnerability mentioned is caused due to an input validation error in tools/pygrub/src/GrubConf.py. This can be exploited by "root" users of a guest domain to execute arbitrary commands in domain 0 via specially crafted entries in grub.conf when the guest system is booted. Source: http://www.secunia.com/advisories/26986/

While Virtual Iron incorporates the Xen open source hypervisor, our software is not impacted by this vulnerability at all.
- Virtual Iron does not grant any user access to dom0.
- Virtual Iron does not use GrubConf.py. It is not even present in our dom0.
- Virtual Iron supports only unmodified operating systems (HVM). GrubConf.py is used to bootstrap paravirtualized guests.

Questions? Let us know here or in the forums.
del.icio.us | digg | StumbleUpon | reddit | Slashdot
Posted by Tony A. on October 1, 2007 3:36 PM | Permalink | Comments (0)

← Optimizing Server Virtualization and Consolidation through Data Center Assessment | Are You a Hosted Service Provider? →

TrackBack

TrackBack URL for this entry:
http://blog.virtualiron.com/mt/mt-tb.cgi/1199
Post a comment
(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)



RSS/XML Feed Add to Bloglines Add to My Yahoo! Add to Google
Healthcare Provider Streamlines its IT Infrastructure with Server Virtualization
Back to School - UMass Creates A More Flexible IT Infrastructure with Server Virtualization
Law Firm Improves Business Continuity with Server Virtualization
Server Virtualization in Small and Medium Size Enterprises
School System in Georgia Achieves World Class IT Operations with Server Virtualization
Urban School District Leverages Server Virtualization
Server Virtualization - 7 Mini Case Studies
How Hobsons EMT Benefits from Server Virtualization
Customer Case Study: New Jersey Sharing Network
InfoWorld Virtualization Forum
ARCHIVES
September 2008
August 2008
June 2008
May 2008
March 2008
February 2008
Complete Archive List
Virtual Discourse -
Tony Asaro
Virtual Infrastructure -
Chris Barclay
ZDNet's Virtually Speaking
Alessandro Perilli's Virtualization.info
Tarry Singh's Virtualization for Everyone
David Marshall's VMblog
Mark Bowker -Liquefying IT
Fraser Campbell's Linux Virtualization
Chris Wolf's Virtualization Tips and Ramblings
Scott Lowe's Blog
Virtualization Daily
Thomas Bittman
Gartner