Lucene search

[email protected]CVE-2013-0215

HistoryMar 07, 2013 - 5:04 a.m.

CVE-2013-0215

2013-03-0705:04:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-0215

xen

denial of service

memory consumption

data exposure

security vulnerability

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

55.1%

JSON

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.

CPENameOperatorVersion
xen:xenxeneq4.1.2
xen:xenxeneq4.1.1
xen:xenxeneq4.1.0
xen:xenxeneq4.1.3
xen:xenxeneq4.1.4
xen:xenxeneq4.2.0
xen:xenxeneq4.2.1

CPE	Name	Operator	Version
xen:xen	xen	eq	4.1.2
xen:xen	xen	eq	4.1.1
xen:xen	xen	eq	4.1.0
xen:xen	xen	eq	4.1.3
xen:xen	xen	eq	4.1.4
xen:xen	xen	eq	4.2.0
xen:xen	xen	eq	4.2.1

References

openwall.com/lists/oss-security/2013/02/05/10

secunia.com/advisories/55082

security.gentoo.org/glsa/glsa-201309-24.xml

xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=40f9c5e0a6d15b4ca1f6d4ed3a46f0871520eab5

xenbits.xen.org/gitweb/?p=xen.git%3Ba=commit%3Bh=61401264eb00fae4ee4efc8e9a5067449283207b

6.2 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:M/Au:N/C:P/I:N/A:P

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVE-2013-0215

ubuntucve1 cvelist1 prion1 debiancve1 xen1 nessus7 openvas55 fedora28 gentoo1