Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5716

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-5716
Last Modified 06 Jan 2009 01:02:52
Published 24 Dec 2008 01:29:15
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-5716

Summary

xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

Vulnerable Systems

Application

  • Citrix Xen 3.3.0


References

XF - xen-xend-xenstore-dos(47668)

BID - 31499

MLIST - [oss-security] 20081219 CVE Request -- Xen (Upstream patch for CVE-2008-4405 is incomplete)

MLIST - [xen-devel] 20081218 Re: PATCH: Actually make /local/domain/$DOMID readonly to the guest

MLIST - [xen-devel] 20081218 PATCH: Actually make /local/domain/$DOMID readonly to the guest


Last Updated: 27 May 2016 10:48:54