CVE Vulnerabilities

CVE-2008-5716

Published: Dec 24, 2008 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

xend in Xen 3.3.0 does not properly restrict a guest VMs write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

Affected Software

Name Vendor Start Version End Version
Xen Citrix 3.3.0 (including) 3.3.0 (including)

References