Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-4405: Citrix XEN vulnerability

CWE-264 | 11 documents | 5 sources
Severity: 7.2 HIGH (NVD)
EPSS: 0.9% (top 24.39%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Oct 3
Latest update: May 17

Description

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (1 package)

NVD: citrix/xen 3.0.3, 3.3.0 +1

🔴 Vulnerability Details (2)

GHSA: GHSA-r6vm-2jmq-5wqx: xend in Xen 3 (2022-05-17)
GHSA: GHSA-ffpp-v4vp-9vvh: xend in Xen 3 (2022-05-02)

💥 Exploits & PoCs (1)

Exploit-DB: Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage (2008-09-30)

📋 Vendor Advisories (2)

Red Hat: xen: Incomplete upstream fix for CVE-2008-4405 (2008-12-18)
Red Hat: xen: Multiple unsafe uses of guest-writable data from xenstore (2008-09-30)

💬 Community (4)

Bugzilla: CVE-2008-5716 xen: Incomplete upstream fix for CVE-2008-4405 (2009-01-06)
Bugzilla: CVE-2008-4405 xen: Multiple unsafe uses of guest-writable data from xenstore [F9] (2008-10-20)
Bugzilla: CVE-2008-4405 xen: Multiple unsafe uses of guest-writable data from xenstore [F8] (2008-10-20)
Bugzilla: CVE-2008-4405 xen: Multiple unsafe uses of guest-writable data from xenstore (2008-09-30)