Lucene search

Ubuntu.comUB:CVE-2012-4411

HistoryNov 23, 2012 - 12:00 a.m.

CVE-2012-4411

2012-11-2300:00:00

ubuntu.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

26.9%

JSON

The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest
administrators to obtain sensitive host resource information via the qemu
monitor. NOTE: this might be a duplicate of CVE-2007-0998.

Notes

Author	Note
mdeslaur	this is XSA-19
jdstrand	xen-qemu-dm-4.0 needs libxen-dev >= 4.0, but it isn’t available in 11.04, as a result, there are no binaries available in 11.04.
mdeslaur	seems disabled by default in 3.x

OSVersionArchitecturePackageVersionFilename
ubuntu11.10noarchxen< 4.1.1-2ubuntu4.4UNKNOWN
ubuntu12.04noarchxen< 4.1.2-2ubuntu2.4UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	11.10	noarch	xen	< 4.1.1-2ubuntu4.4	UNKNOWN
ubuntu	12.04	noarch	xen	< 4.1.2-2ubuntu2.4	UNKNOWN

References

lists.xen.org/archives/html/xen-announce/2012-09/msg00007.html

www.openwall.com/lists/oss-security/2012/09/06/2

launchpad.net/bugs/cve/CVE-2012-4411

nvd.nist.gov/vuln/detail/CVE-2012-4411

security-tracker.debian.org/tracker/CVE-2012-4411

www.cve.org/CVERecord?id=CVE-2012-4411

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:C/I:N/A:N

0.001 Low

EPSS

Percentile

26.9%

JSON

Related for UB:CVE-2012-4411