Lucene search

Veracode Vulnerability DatabaseVERACODE:23424

HistoryApr 10, 2020 - 12:26 a.m.

Arbitrary Code Execution

2020-04-1000:26:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

xen is vulnerable to arbitrary code execution. Lack of adequate sanity-checking of data received via the “net socket listen” option. A malicious local administrator of a guest domain could trigger this flaw to potentially execute arbitrary code outside of the domain.

CPENameOperatorVersion
xeneq3.0.3__25.0.3.el5
xeneq3.0.3__25.el5
xeneq3.0.3__25.0.4.el5

Name	Operator	Version
xen	eq	3.0.3__25.0.3.el5
xen	eq	3.0.3__25.el5
xen	eq	3.0.3__25.0.4.el5

References

osvdb.org/42985

secunia.com/advisories/25073

secunia.com/advisories/25095

secunia.com/advisories/27486

secunia.com/advisories/29129

secunia.com/advisories/29963

taviso.decsystem.org/virtsec.pdf

www.attrition.org/pipermail/vim/2007-October/001842.html

www.debian.org/security/2007/dsa-1284

www.mandriva.com/security/advisories?name=MDKSA-2007:203

www.mandriva.com/security/advisories?name=MDVSA-2008:162

www.redhat.com/security/updates/classification/#important

www.redhat.com/support/errata/RHSA-2008-0194.html

www.securityfocus.com/bid/23731

www.vupen.com/english/advisories/2007/1597

access.redhat.com/errata/RHSA-2008:0194

exchange.xforce.ibmcloud.com/vulnerabilities/38239

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10000

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

Related for VERACODE:23424