Xen pygrub TOOLS/PYGRUB/SRC/GRUBCONF.PY Local Command Injection Vulnerability
An attacker can exploit this issue by including Python commands in a configuration file using filesystem utilities. The following proof of concept is available:
Change the 'default' statement in grub.conf to:
default "+str(0*os.system(" insert evil command here "))+"
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.