CVEs-PoC/2009/CVE-2009-3525.md

### [CVE-2009-3525](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3525)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the expected password.

### POC

#### Reference
- http://www.openwall.com/lists/oss-security/2009/09/25/1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9466

#### Github
No PoCs found on GitHub currently.