Xen xend xenstore directory tree denial of service
xen-xend-xenstore-dos (47668)
Description:
Xen could allow a local attacker to cause a denial of service because xend does not properly restrict a guest VM's access to the /local/domain xenstore directory tree. An attacker could exploit this vulnerability by writing to console/tty, console/limit, or image/device-model-pid.
*CVSS:
| Base Score: | 3.6 |
| Access Vector: | Local |
| Access Complexity: | Low |
| Authentication: | None |
| Confidentiality Impact: | None |
| Integrity Impact: | Partial |
| Availability Impact: | Partial |
| Temporal Score: | 2.8 |
| Exploitability: | Unproven |
| Remediation Level: | Temporary-Fix |
| Report Confidence: | Confirmed |
Consequences:
Denial of Service
Remedy:
Apply the patch for this vulnerability, as listed in the Xen-devel Mailing List posting dated Thu, 18 Dec 2008 15:53:07 +0000. See References.
References:
- oss-security Mailing List, Fri, 19 Dec 2008 10:59:40 +0100: CVE Request -- Xen (Upstream patch for CVE-2008-4405 is incomplete).
- Xen-devel Mailing List, Thu, 18 Dec 2008 15:53:07 +0000: PATCH: Actually make /local/domain/$DOMID readonly to the gu.
- BID-31499: Xen XenStore Domain Configuration Data Unsafe Storage Vulnerability
- CVE-2008-5716: xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.
Platforms Affected:
- XenSource Xen 3.3.0
Reported:
Dec 18, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
