CVE-2009-3525

Xen 3.0.3, 3.3.0, 3.3.1 - Unauthenticated Boot Parameter Modification via pyGrub

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3525. PoCs published by Jan Lieskovsky.

AI-analyzed exploit summary This exploit demonstrates a local authentication bypass in Xen by modifying the 'grub.conf' file during the boot process. An attacker with physical access can interrupt the GRUB boot sequence to append a single-user mode flag, bypassing authentication.

Description

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jan Lieskovsky · textlocallinux

https://www.exploit-db.com/exploits/33255

View Code ZIP pw:eip

This exploit demonstrates a local authentication bypass in Xen by modifying the 'grub.conf' file during the boot process. An attacker with physical access can interrupt the GRUB boot sequence to append a single-user mode flag, bypassing authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Xen 3.0.3, 3.3.0, and 3.3.1

No auth needed

Prerequisites: Physical access to the affected host · Xen hypervisor with vulnerable versions

MITRE ATT&CK