CVE-2009-3525 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-3525 Interim 1 12 2023-12-09T02:01:58Z current 2021-05-30T12:48:39Z 2023-12-09T02:01:58Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-3525 The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PUQOSBC25X4IKVDHCM3GPXJFE5G56PXU/#PUQOSBC25X4IKVDHCM3GPXJFE5G56PXU E-Mail link for SUSE-SR:2010:012 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 libcmpiutil-0.5-15.16.1 libvirt-0.4.6-14.60.16 libvirt-cim-0.5.2-8.47.85 libvirt-doc-0.4.6-14.60.16 libvirt-python-0.4.6-14.60.16 virt-manager-0.5.3-66.42.13 virt-viewer-0.0.3-3.57.13 vm-install-0.3.27-0.1.15 xen-3.3.1_18546_24-0.3.7 xen-doc-html-3.3.1_18546_24-0.3.7 xen-doc-pdf-3.3.1_18546_24-0.3.7 xen-kmp-default-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 xen-kmp-pae-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 xen-libs-3.3.1_18546_24-0.3.7 xen-tools-3.3.1_18546_24-0.3.7 xen-tools-domU-3.3.1_18546_24-0.3.7 libcmpiutil-0.5-15.16.1 as a component of SUSE Linux Enterprise Server 11 libvirt-0.4.6-14.60.16 as a component of SUSE Linux Enterprise Server 11 libvirt-cim-0.5.2-8.47.85 as a component of SUSE Linux Enterprise Server 11 libvirt-doc-0.4.6-14.60.16 as a component of SUSE Linux Enterprise Server 11 libvirt-python-0.4.6-14.60.16 as a component of SUSE Linux Enterprise Server 11 virt-manager-0.5.3-66.42.13 as a component of SUSE Linux Enterprise Server 11 virt-viewer-0.0.3-3.57.13 as a component of SUSE Linux Enterprise Server 11 vm-install-0.3.27-0.1.15 as a component of SUSE Linux Enterprise Server 11 xen-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server 11 xen-doc-html-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server 11 xen-doc-pdf-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server 11 xen-kmp-default-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 as a component of SUSE Linux Enterprise Server 11 xen-kmp-pae-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 as a component of SUSE Linux Enterprise Server 11 xen-libs-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server 11 xen-tools-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server 11 xen-tools-domU-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server 11 libcmpiutil-0.5-15.16.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libvirt-0.4.6-14.60.16 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libvirt-cim-0.5.2-8.47.85 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libvirt-doc-0.4.6-14.60.16 as a component of SUSE Linux Enterprise Server for SAP Applications 11 libvirt-python-0.4.6-14.60.16 as a component of SUSE Linux Enterprise Server for SAP Applications 11 virt-manager-0.5.3-66.42.13 as a component of SUSE Linux Enterprise Server for SAP Applications 11 virt-viewer-0.0.3-3.57.13 as a component of SUSE Linux Enterprise Server for SAP Applications 11 vm-install-0.3.27-0.1.15 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xen-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xen-doc-html-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xen-doc-pdf-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xen-kmp-default-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xen-kmp-pae-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xen-libs-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xen-tools-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 xen-tools-domU-3.3.1_18546_24-0.3.7 as a component of SUSE Linux Enterprise Server for SAP Applications 11 The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password. CVE-2009-3525 SUSE Linux Enterprise Server 11:libcmpiutil-0.5-15.16.1 SUSE Linux Enterprise Server 11:libvirt-0.4.6-14.60.16 SUSE Linux Enterprise Server 11:libvirt-cim-0.5.2-8.47.85 SUSE Linux Enterprise Server 11:libvirt-doc-0.4.6-14.60.16 SUSE Linux Enterprise Server 11:libvirt-python-0.4.6-14.60.16 SUSE Linux Enterprise Server 11:virt-manager-0.5.3-66.42.13 SUSE Linux Enterprise Server 11:virt-viewer-0.0.3-3.57.13 SUSE Linux Enterprise Server 11:vm-install-0.3.27-0.1.15 SUSE Linux Enterprise Server 11:xen-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server 11:xen-doc-html-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server 11:xen-doc-pdf-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server 11:xen-kmp-default-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 SUSE Linux Enterprise Server 11:xen-kmp-pae-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 SUSE Linux Enterprise Server 11:xen-libs-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server 11:xen-tools-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server 11:xen-tools-domU-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server for SAP Applications 11:libcmpiutil-0.5-15.16.1 SUSE Linux Enterprise Server for SAP Applications 11:libvirt-0.4.6-14.60.16 SUSE Linux Enterprise Server for SAP Applications 11:libvirt-cim-0.5.2-8.47.85 SUSE Linux Enterprise Server for SAP Applications 11:libvirt-doc-0.4.6-14.60.16 SUSE Linux Enterprise Server for SAP Applications 11:libvirt-python-0.4.6-14.60.16 SUSE Linux Enterprise Server for SAP Applications 11:virt-manager-0.5.3-66.42.13 SUSE Linux Enterprise Server for SAP Applications 11:virt-viewer-0.0.3-3.57.13 SUSE Linux Enterprise Server for SAP Applications 11:vm-install-0.3.27-0.1.15 SUSE Linux Enterprise Server for SAP Applications 11:xen-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server for SAP Applications 11:xen-doc-html-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server for SAP Applications 11:xen-doc-pdf-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server for SAP Applications 11:xen-kmp-default-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 SUSE Linux Enterprise Server for SAP Applications 11:xen-kmp-pae-3.3.1_18546_24_2.6.27.45_0.3-0.3.7 SUSE Linux Enterprise Server for SAP Applications 11:xen-libs-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server for SAP Applications 11:xen-tools-3.3.1_18546_24-0.3.7 SUSE Linux Enterprise Server for SAP Applications 11:xen-tools-domU-3.3.1_18546_24-0.3.7 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C