CVE-2009-3525

Name of the Vulnerable Software and Affected Versions Xen versions 3.0.3, 3.3.0, 3.3.1

Description The issue concerns the pyGrub boot loader, which does not support password protection for para-virtualized guests as specified in the grub.conf file. This allows attackers with access to the guest console to boot the guest or alter its kernel boot parameters without entering the expected password.

Recommendations For Xen versions 3.0.3, 3.3.0, and 3.3.1, consider restricting access to the para-virtualized guest console to minimize the risk of unauthorized boot or modification of kernel parameters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.