VDB
CVE-2008-4405
CVE-2008-4405
PUBLISHED
Reported by mitre · Published October 3, 2008
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Timeline
- Oct 3, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- ADV-2008-2709 vdb-entryx_refsource_VUPEN
- x_refsource_CONFIRM
- MDVSA-2009:016 vendor-advisoryx_refsource_MANDRIVA
- 32064 third-party-advisoryx_refsource_SECUNIA
- [xen-devel] 20080930 [PATCH] [Xend] Move some backend configuration mailing-listx_refsource_MLIST
- SUSE-SR:2009:015 vendor-advisoryx_refsource_SUSE
- [oss-security] 20080930 CVE Request (xen) mailing-listx_refsource_MLIST
- RHSA-2009:0003 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- [xen-devel] 20080930 Re: [PATCH] [Xend] Move some backend configuration mailing-listx_refsource_MLIST
- 31499 vdb-entryx_refsource_BID
- oval:org.mitre.oval:def:10627 vdb-entrysignaturex_refsource_OVAL
- 1020955 vdb-entryx_refsource_SECTRACK
- [oss-security] 20081004 Re: CVE Request (xen) mailing-listx_refsource_MLIST
- x_refsource_CONFIRM