Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2008-4405

Published: 03/10/2008 Updated: 29/09/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Citrix

Vulnerability Summary

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

Vulnerable Product Search on Vulmon Subscribe to Product

citrix xen 3.0.3

Vendor Advisories

Red Hat: Moderate: xen security and bug fix update
Synopsis Moderate: xen security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated xen packages that resolve several security issues and a bug are nowavailable for Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response ...

Exploits

Exploit DB: Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage
source: wwwsecurityfocuscom/bid/31499/info Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains UPDATE (December 19, 2008): The initial proposed patches did not resolve this issue Xen 33 is vulnerable; other versions may also be affected #yum install ...

References

CWE-264http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.htmlhttp://openwall.com/lists/oss-security/2008/09/30/6http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70https://bugzilla.redhat.com/show_bug.cgi?id=464818http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.htmlhttp://www.securitytracker.com/id?1020955http://secunia.com/advisories/32064http://www.openwall.com/lists/oss-security/2008/10/04/3http://www.securityfocus.com/bid/31499http://www.mandriva.com/security/advisories?name=MDVSA-2009:016http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlhttp://www.vupen.com/english/advisories/2008/2709https://bugzilla.redhat.com/show_bug.cgi?id=464817http://www.redhat.com/support/errata/RHSA-2009-0003.htmlhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10627https://access.redhat.com/errata/RHSA-2009:0003https://nvd.nist.govhttps://www.exploit-db.com/exploits/32446/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook