Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2008-4405
Last Modified 30 Oct 2012 11:04:36
Published 03 Oct 2008 01:41:40
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4405

Summary

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

Vulnerable Systems

Application

  • Citrix Xen 3.0.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=464818

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=464817

CONFIRM - http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70

VUPEN - ADV-2008-2709

SECTRACK - 1020955

BID - 31499

MLIST - [oss-security] 20081004 Re: CVE Request (xen)

MANDRIVA - MDVSA-2009:016

SECUNIA - 32064

MLIST - [oss-security] 20080930 CVE Request (xen)

MLIST - [xen-devel] 20080930 Re: [PATCH] [Xend] Move some backend configuration

MLIST - [xen-devel] 20080930 [PATCH] [Xend] Move some backend configuration

SUSE - SUSE-SR:2009:015

REDHAT - RHSA-2009:0003


Last Updated: 27 May 2016 10:49:46