Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2012-4544
Last Modified 05 May 2014 01:14:44
Published 31 Oct 2012 12:55:05
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-4544

Summary

The PV domain builder in Xen 4.2 and earlier does not validate the size of the kernel or ramdisk (1) before or (2) after decompression, which allows local guest administrators to cause a denial of service (domain 0 memory consumption) via a crafted (a) kernel or (b) ramdisk.

Vulnerable Systems

Operating System

  • Xen 4.1.0

  • Xen 4.1.1

  • Xen 4.1.2

  • Xen 4.1.3

  • Xen 4.2.0


References

XF - xen-pvdomainbuilder-dos(79617)

SECTRACK - 1027699

BID - 56289

MLIST - [oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk

SECUNIA - 51071

OSVDB - 86619

SUSE - openSUSE-SU-2012:1572

SUSE - SUSE-SU-2012:1487

SUSE - SUSE-SU-2012:1486

DEBIAN - DSA-2636

REDHAT - RHSA-2013:0241

SECUNIA - 51413

SECUNIA - 51352

SECUNIA - 51324

FEDORA - FEDORA-2012-17135

FEDORA - FEDORA-2012-17204

FEDORA - FEDORA-2012-17408

SUSE - SUSE-SU-2014:0411

SUSE - SUSE-SU-2014:0470

SUSE - SUSE-SU-2014:0446

SUSE - openSUSE-SU-2012:1573

Related Patches

Novell SUSE 2012:7015 libvirt-201211 security update for SLE 11 SP2 i586

Novell SUSE 2012:7015 libvirt-201211 security update for SLE 11 SP2 x86_64

Novell SUSE 2012:7018 xen-201211 security update for SLE 11 SP2 i586

Novell SUSE 2012:7018 xen-201211 security update for SLE 11 SP2 x86_64

Novell SUSE 2012:7081 vminstall-201211 recommended update for SLE 11 SP2 i586

Novell SUSE 2012:7081 vminstall-201211 recommended update for SLE 11 SP2 x86_64

Novell SUSE 2012:8359 xen-201211 security update for SLE 10 SP4 i586

Novell SUSE 2012:8359 xen-201211 security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:05:01