Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.9
CVE Id: CVE-2011-1583
Last Modified: 23 Aug 2011 11:17:10
Published: 12 Aug 2011 02:55:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-1583

Summary

Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 allow local users to cause a denial of service and possibly execute arbitrary code via a crafted paravirtualised guest kernel image that triggers (1) a buffer overflow during a decompression loop or (2) an out-of-bounds read in the loader involving unspecified length fields.

Vulnerable Systems

Application

  • Citrix Xen 3.2.0

  • Citrix Xen 3.3.0

  • Citrix Xen 4.0.0

  • Citrix Xen 4.1.0


References

MLIST - [Xen-devel] 20110509 Re: Xen security advisory CVE-2011-1583 - pv kernel image validation

MLIST - [Xen-devel] 20110509 Xen security advisory CVE-2011-1583 - pv kernel image validation

REDHAT - RHSA-2011:0496


Last Updated: 27 May 2016 10:56:22