Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2013-0215
Last Modified 10 Oct 2013 11:48:28
Published 07 Mar 2013 12:04:44
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector ADJACENT_NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0215

Summary

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.

Vulnerable Systems

Operating System

  • Xen 4.1.0

  • Xen 4.1.1

  • Xen 4.1.2

  • Xen 4.1.3

  • Xen 4.1.4

  • Xen 4.2.0

  • Xen 4.2.1


References

CONFIRM - http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=61401264eb00fae4ee4efc8e9a5067449283207b

CONFIRM - http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=40f9c5e0a6d15b4ca1f6d4ed3a46f0871520eab5

MLIST - [oss-security] 20130205 Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states

GENTOO - GLSA-201309-24

SECUNIA - 55082


Last Updated: 27 May 2016 11:02:00