Lucene search

K

PRIOn knowledge basePRION:CVE-2008-5716

HistoryDec 24, 2008 - 6:29 p.m.

Design/Logic Flaw

2008-12-2418:29:00

PRIOn knowledge base

www.prio-n.com

5

7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.6%

xend in Xen 3.3.0 does not properly restrict a guest VM’s write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

CPENameOperatorVersion
xeneq3.3.0

References

lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html

openwall.com/lists/oss-security/2008/12/19/1

www.securityfocus.com/bid/31499

exchange.xforce.ibmcloud.com/vulnerabilities/47668

7 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

24.6%

Related for PRION:CVE-2008-5716

cve2 cvelist2 ubuntucve2 nessus6 veracode1 prion1 openvas11 oraclelinux1 centos1 redhat1