CVE

CVE-2015-2152
Date: (C)2015-03-25   (M)2023-12-22


Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 1.9
Exploit Score: 3.4
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1031806
SECTRACK-1031919
BID-73068
FEDORA-2015-3721
FEDORA-2015-3935
FEDORA-2015-3944
GLSA-201504-04
http://xenbits.xen.org/xsa/advisory-119.html
openSUSE-SU-2015:0732

CPE    3
cpe:/o:fedoraproject:fedora:20
cpe:/o:fedoraproject:fedora:21
cpe:/o:fedoraproject:fedora:22
CWE    1
CWE-264
OVAL    13
oval:org.secpod.oval:def:108686
oval:org.secpod.oval:def:109402
oval:org.secpod.oval:def:109225
oval:org.secpod.oval:def:108546
...

© SecPod Technologies