Today, The Xen Project and Citrix have released a patch for an important vulnerability discovered by Computest in the XAPI management protocol used by XenServer, a commonly used open source hypervisor platform.
The vulnerability allows an attacker to bypass authentication and take complete control of the hypervisor and the virtual machines running on it. The attack requires the XAPI management port (TCP 443 or 80) to be reachable by the attacker, so restricting access to these ports with a firewall, so that only trusted management networks can reach them, substantially limits the opportunity to abuse this vulnerability.
Users of XenServer, or of other Xen-based platforms that use the XAPI toolstack, should promptly assess their exposure (in particular, whether the management ports are reachable from untrusted networks) and install the update.
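One quick way to carry out the exposure assessment above is to check, from a network position an attacker could plausibly occupy (a tenant VM, an office segment, the Internet), whether the XAPI management ports of each host accept a TCP connection. The script below is an added example written for this post, not code from Computest, Citrix or the Xen Project; the host addresses are constructed for illustration, and the `connect` parameter is a hypothetical hook that only exists so the logic can be exercised without a network. It reports reachability only: it does not verify that the listener is XAPI or that the patch has been installed.

```python
"""Reachability check for the XAPI management ports (TCP 443 and 80).

Run from the vantage point you want to assess, e.g.
    python xapi_exposure.py 10.0.0.1 10.0.0.2
A host listed in the output accepts connections on at least one XAPI port
from here and is exposed to the authentication bypass until patched.
"""
import socket
import sys
from typing import Callable, Dict, Iterable, List, Sequence

# Ports on which the XAPI toolstack serves its management interface.
XAPI_PORTS: Sequence[int] = (443, 80)


def tcp_connects(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout.

    Any failure (refused, filtered/timeout, unresolvable host) counts as
    'not reachable' from this vantage point.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def assess_exposure(
    hosts: Iterable[str],
    connect: Callable[[str, int], bool] = tcp_connects,
    ports: Sequence[int] = XAPI_PORTS,
) -> Dict[str, List[int]]:
    """Map each host to the XAPI ports reachable from here.

    Hosts with no reachable management port are omitted from the result,
    so an empty dict means nothing in the list is exposed from this
    position. `connect` is injectable (a hypothetical hook for testing);
    the default performs a real TCP connect.
    """
    exposed: Dict[str, List[int]] = {}
    for host in hosts:
        open_ports = [p for p in ports if connect(host, p)]
        if open_ports:
            exposed[host] = open_ports
    return exposed


def main(argv: List[str]) -> int:
    """CLI entry point: print exposed hosts, exit 1 if any are exposed."""
    hosts = argv[1:]
    if not hosts:
        print("usage: xapi_exposure.py HOST [HOST ...]", file=sys.stderr)
        return 2
    exposed = assess_exposure(hosts)
    for host in hosts:
        ports = exposed.get(host)
        status = "EXPOSED on %s" % ",".join(map(str, ports)) if ports else "not reachable"
        print("%-20s %s" % (host, status))
    return 1 if exposed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit status when anything is exposed makes the script usable as a gate in a change pipeline; run it again after applying the firewall rules to confirm the management ports are no longer reachable from the untrusted segment.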
A technical writeup of the vulnerability, how we found it and how we determined its impact is available in the form of an advisory at:
Computest thanks Citrix and The Xen Project for their rapid and professional response to our vulnerability report.
The Xen Project has published its advisory as XSA-271, available at http://xenbits.xen.org/xsa/advisory-271.html