Denial of Service Vulnerability in Xen 3.3.0 by Citrix
CVE-2008-5716

Currently unrated

Key Information:

Vendor: Citrix
Status: Xen
Vendor: CVE Published:; 24 December 2008

What is CVE-2008-5716?

The xend component in Xen 3.3.0 lacks proper restrictions on a guest VM's write access within the /local/domain xenstore directory. This oversight permits users of the guest OS to potentially disrupt the service and may lead to other unspecified impacts. Specific areas affected include writing to the console/tty, console/limit, and image/device-model-pid, primarily due to erroneous permission settings in prior patches.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/47668

vdb-entryx_refsource_XF

http://lists.xensource.com/archives/html/xen-devel/2008-1...

mailing-listx_refsource_MLIST

http://lists.xensource.com/archives/html/xen-devel/2008-1...

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2008
Vulnerability Reserved
Dec 24, 2008