Lucene search

K

[email protected]NVD:CVE-2008-5716

HistoryDec 24, 2008 - 6:29 p.m.

CVE-2008-5716

2008-12-2418:29:15

CWE-264

[email protected]

web.nvd.nist.gov

2

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

36.4%

xend in Xen 3.3.0 does not properly restrict a guest VM’s write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

Affected configurations

NVD

Node

citrixxenMatch3.3.0

References

lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html

openwall.com/lists/oss-security/2008/12/19/1

www.securityfocus.com/bid/31499

exchange.xforce.ibmcloud.com/vulnerabilities/47668

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

36.4%

Related for NVD:CVE-2008-5716

cvelist2 cve2 prion2 ubuntucve2 nessus6 nvd1 veracode1 openvas11 redhat1 centos1 oraclelinux1