Denial of Service Vulnerability in Xen 3.3.0 by Citrix

CVE-2008-5716

Summary

The xend component in Xen 3.3.0 lacks proper restrictions on a guest VM's write access within the /local/domain xenstore directory. This oversight permits users of the guest OS to potentially disrupt the service and may lead to other unspecified impacts. Specific areas affected include writing to the console/tty, console/limit, and image/device-model-pid, primarily due to erroneous permission settings in prior patches.

References