Denial of Service Vulnerability in Xen Hypervisor
CVE-2008-4405

Currently unrated

Key Information:

Vendor: Citrix
Status: Xen
Vendor: CVE Published:; 3 October 2008

Summary

The Xen hypervisor version 3.0.3 has a vulnerability where the xend component fails to adequately restrict the contents of the /local/domain xenstore directory tree. This improper configuration allows a guest virtual machine (VM) to write to sensitive areas such as console/tty, console/limit, and image/device-model-pid. As a result, malicious users within the guest OS may exploit this flaw to create a denial of service situation, potentially affecting the availability of the host or other VMs. The issue is notable for its implications on VM security and resource management within virtualized environments.

References

http://www.vupen.com/english/advisories/2008/2709

vdb-entryx_refsource_VUPEN

https://bugzilla.redhat.com/show_bug.cgi?id=464817

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

Timeline

Vulnerability published
Oct 3, 2008
Vulnerability Reserved
Oct 3, 2008