Lucene search
Ubuntu.comUB:CVE-2008-4405HistoryOct 03, 2008 - 12:00 a.m.
CVE-2008-4405
2008-10-0300:00:00
ubuntu.com
ubuntu.com
10
0.001 Low
EPSS
Percentile
36.0%
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain
xenstore directory tree, and does not properly restrict a guest VM’s write
access within this tree, which allows guest OS users to cause a denial of
service and possibly have unspecified other impact by writing to (1)
console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this
issue was originally reported as an issue in libvirt 0.3.3 and xenstore,
but CVE is considering the core issue to be related to Xen.
Notes
| Author | Note |
|---|---|
| jdstrand | per [email protected] on oss-security, this is a Xen issue, and libvirt, while affected, is fixed via the Xen patches |
| kees | this only affects xen-utils-3.X, which is in universe |
| jdstrand | original patch for CVE-2008-4405 introduced CVE-2008-5716 |
| mdeslaur | xen-xenstore-permissions.patch in RHEL5 |
Related
prion
prion
Design/Logic Flaw
2008-12-24 18:29:00
Design/Logic Flaw
2008-10-03 17:41:00
cve
cve
CVE-2008-5716
2008-12-24 18:29:00
CVE-2008-4405
2008-10-03 17:41:00
cvelist
cvelist
CVE-2008-5716
2008-12-24 17:00:00
CVE-2008-4405
2008-10-03 17:18:00
ubuntucve
ubuntucve
CVE-2008-5716
2008-12-24 00:00:00
nessus
nessus
CentOS 5 : xen (CESA-2009:0003)
2010-01-06 00:00:00
Oracle Linux 5 : xen (ELSA-2009-0003)
2013-07-12 00:00:00
RHEL 5 : xen (RHSA-2009:0003)
2009-01-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:28:26
openvas
openvas
CentOS Security Advisory CESA-2009:0003 (xen)
2009-01-13 00:00:00
Oracle: Security Advisory (ELSA-2009-0003)
2015-10-08 00:00:00
RedHat Security Advisory RHSA-2009:0003
2009-01-07 00:00:00
oraclelinux
oraclelinux
xen security and bug fix update
2009-01-07 00:00:00
centos
centos
xen security update
2009-01-08 22:07:32
redhat
redhat
(RHSA-2009:0003) Moderate: xen security and bug fix update
2009-01-07 00:00:00