Denial of Service Vulnerability in Xen 3.3.0 by Citrix
CVE-2008-5716
Currently unrated
Summary
The xend component in Xen 3.3.0 lacks proper restrictions on a guest VM's write access within the /local/domain xenstore directory. This oversight permits users of the guest OS to potentially disrupt the service and may lead to other unspecified impacts. Specific areas affected include writing to the console/tty, console/limit, and image/device-model-pid, primarily due to erroneous permission settings in prior patches.
References
Timeline
Vulnerability published
Vulnerability Reserved