CVE-2008-5716 — Citrix XEN vulnerability

5 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 80.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Citrix XEN

Timeline

PublishedDec 24

Latest updateMay 17

Description

xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDcitrix/xen3.3.0

🔴Vulnerability Details

GHSA

GHSA-r6vm-2jmq-5wqx: xend in Xen 3↗2022-05-17

▶

📋Vendor Advisories

Red Hat

xen: Incomplete upstream fix for CVE-2008-4405↗2008-12-18

▶

💬Community

Bugzilla

CVE-2008-5716 xen: Incomplete upstream fix for CVE-2008-4405↗2009-01-06

▶

Bugzilla

CVE-2008-4405 xen: Multiple unsafe uses of guest-writable data from xenstore↗2008-09-30

▶