Xen exploitation part 3: XSA-182, Qubes escape

This is the last part of our blogpost series about Xen security . This time we write about a vulnerability we found (XSA-182) (CVE-2016-6258) and his exploitation on Qubes OS project.

We first explain the methodology used to find the vulnerability and then the exploitation specificity on Qubes OS.
We would like to emphasize that the vulnerability is not in the code of Qubes OS. But since Qubes OS relies on Xen hypervisor, it is affected by this vulnerability. More information is provided by Qubes’ security bulletin #24 .

tl;dr
This screenshot shows a fresh install of Qubes OS. The terminal is running inside an untrusted VM to which an attacker gained access. The exploitation of the vulnerability gave him full control over dom0. Thanks to a little shell script, he can execute any command in dom0 (as shown by the gray borders and the title [Dom0] Calculator of xcalc), and thus gain


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/5sgOzAW44Bg/xen-exploitation-part-3-xsa-182-qubes-escape.html

Original article

Comments are closed.

Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.

Up ↑

%d bloggers like this: