Lucene search

[email protected]CVE-2008-5716

HistoryDec 24, 2008 - 6:29 p.m.

CVE-2008-5716

2008-12-2418:29:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-5716

xend

xen 3.3.0

guest vm

denial of service

security vulnerability

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.1%

JSON

xend in Xen 3.3.0 does not properly restrict a guest VM’s write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

CPENameOperatorVersion
citrix:xencitrix xeneq3.3.0

CPE	Name	Operator	Version
citrix:xen	citrix xen	eq	3.3.0

References

lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html

openwall.com/lists/oss-security/2008/12/19/1

www.securityfocus.com/bid/31499

exchange.xforce.ibmcloud.com/vulnerabilities/47668

6.8 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for CVE-2008-5716

prion2 ubuntucve2 cvelist2 nessus6 veracode1 cve1 openvas11 oraclelinux1 centos1 redhat1