xend in Xen 3.0.3 does not properly limit the contents of the /local/domain
xenstore directory tree, and does not properly restrict a guest VM’s write
access within this tree, which allows guest OS users to cause a denial of
service and possibly have unspecified other impact by writing to (1)
console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this
issue was originally reported as an issue in libvirt 0.3.3 and xenstore,
but CVE is considering the core issue to be related to Xen.
Author | Note |
---|---|
jdstrand | per [email protected] on oss-security, this is a Xen issue, and libvirt, while affected, is fixed via the Xen patches |
kees | this only affects xen-utils-3.X, which is in universe |
jdstrand | original patch for CVE-2008-4405 introduced CVE-2008-5716 |
mdeslaur | xen-xenstore-permissions.patch in RHEL5 |