Lucene search

[email protected]CVE-2008-5716

HistoryDec 24, 2008 - 6:29 p.m.

CVE-2008-5716

2008-12-2418:29:15

CWE-264

[email protected]

web.nvd.nist.gov

cve-2008-5716

xend

xen 3.3.0

guest vm

denial of service

security vulnerability

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

xend in Xen 3.3.0 does not properly restrict a guest VM’s write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

Affected configurations

NVD

Node

citrixxenMatch3.3.0

CPENameOperatorVersion
citrix:xencitrix xeneq3.3.0

CPE	Name	Operator	Version
citrix:xen	citrix xen	eq	3.3.0

References

lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html

lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html

openwall.com/lists/oss-security/2008/12/19/1

www.securityfocus.com/bid/31499

exchange.xforce.ibmcloud.com/vulnerabilities/47668

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.4%

JSON

Related for CVE-2008-5716

cvelist2 prion2 ubuntucve2 nvd2 nessus6 veracode1 cve1 openvas11 centos1 oraclelinux1 redhat1