CVE

CVE-2008-4405
Date: (C)2008-10-03   (M)2023-12-22


xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1020955
BID-31499
SECUNIA-32064
ADV-2008-2709
MDVSA-2009:016
RHSA-2009:0003
SUSE-SR:2009:015
http://openwall.com/lists/oss-security/2008/09/30/6
http://www.openwall.com/lists/oss-security/2008/10/04/3
http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html
http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html
http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70
https://bugzilla.redhat.com/show_bug.cgi?id=464817
https://bugzilla.redhat.com/show_bug.cgi?id=464818
oval:org.mitre.oval:def:10627

CWE    1
CWE-264
OVAL    3
oval:org.secpod.oval:def:500648
oval:org.secpod.oval:def:202105
oval:org.secpod.oval:def:202020

© SecPod Technologies