Vulnerability Details : CVE-2008-5716
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.
Vulnerability category: Denial of service
Products affected by CVE-2008-5716
- cpe:2.3:a:citrix:xen:3.3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5716
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 25 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5716
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2008-5716
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-5716
-
Red Hat 2009-01-07Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5. Security update released to address CVE-2008-4405 - https://rhn.redhat.com/errata/RHSA-2009-0003.html - contained correct patch which did not introduce this problem and resolved the original issue.
References for CVE-2008-5716
-
http://www.securityfocus.com/bid/31499
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/47668
-
http://openwall.com/lists/oss-security/2008/12/19/1
-
http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html
-
http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html
-
http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html
-
http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html
Jump to