CVE-2008-4405 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-4405
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-4405

Description: xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

CVE Status: Candidate

References: SUSE http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html ST 1020955 SAID Secunia Advisory: SA32064 MLIST http://www.openwall.com/lists/oss-security/2008/10/04/3 http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html http://openwall.com/lists/oss-security/2008/09/30/6 MISC MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 CONFIRM http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70 BID 31499

Return to the previous page.