FreeBSD : xen-tools -- delimiter injection vulnerabilities in pygrub (59f79c99-ba4d-11e6-ae1b-002590263bf5)
Medium Nessus Plugin ID 95511
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The Xen Project reports:
pygrub, the boot loader emulator, fails to quote (or sanity check) its results when reporting them to its caller.
A malicious guest administrator can obtain the contents of sensitive host files (an information leak). Additionally, a malicious guest administrator can cause files on the host to be removed, causing a denial of service. In some unusual host configurations, ability to remove certain files may be usable for privilege escalation.
Solution
Update the affected package.