CVE-2016-9379
published 2017-01-23CVE-2016-9379: The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete…
high7.9CVSS 3.0
AVLACLPRHUINSCCHIHAN
The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citrix | citrix_adm | — | — |
| citrix | citrix_hypervisor | — | — |
| citrix | citrix_virtual_apps_and_desktops | — | — |
| citrix | endpoint_management | — | — |
| citrix | netscaler_adc | — | — |
| citrix | netscaler_gateway | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| citrix | xenserver | — | — |
| debian | xen | < xen 4.8.0-1 (bookworm) | xen 4.8.0-1 (bookworm) |
| xen | xen | >= 0 < 4.8.0-1 | 4.8.0-1 |
| xen | xen | >= 0 < 4.8.0-1 | 4.8.0-1 |
| xen | xen | >= 0 < 4.8.0-1 | 4.8.0-1 |
| xen | xen | >= 0 < 4.8.0-1 | 4.8.0-1 |
CVSS provenance
nvdv3.07.9HIGHCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
osv7.9HIGH