Denial of Service Vulnerability in Xen 3.3.0 by Citrix
CVE-2008-5716

Currently unrated

Key Information:

Vendor
Citrix
Status
Vendor
CVE Published:
24 December 2008

Summary

The xend component in Xen 3.3.0 lacks proper restrictions on a guest VM's write access within the /local/domain xenstore directory. This oversight permits users of the guest OS to potentially disrupt the service and may lead to other unspecified impacts. Specific areas affected include writing to the console/tty, console/limit, and image/device-model-pid, primarily due to erroneous permission settings in prior patches.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.