QwikSec

Security Database

CVE

CWE

Training

CVE-2008-4405

Published: Oct 3, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

https://bugzilla.redhat.com/show_bug.cgi?id=464817

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_SECUNIA

[xen-devel] 20080930 [PATCH] [Xend] Move some backend configuration

mailing-list

x_refsource_MLIST

SUSE-SR:2009:015

vendor-advisory

x_refsource_SUSE

[oss-security] 20080930 CVE Request (xen)

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70

x_refsource_CONFIRM

[xen-devel] 20080930 Re: [PATCH] [Xend] Move some backend configuration

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:10627

vdb-entry

signature

x_refsource_OVAL

vdb-entry

x_refsource_SECTRACK

[oss-security] 20081004 Re: CVE Request (xen)

mailing-list

x_refsource_MLIST

https://bugzilla.redhat.com/show_bug.cgi?id=464818

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.