CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2008-5716
https://notcve.org/view.php?id=CVE-2008-5716
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405. xend en Xen 3.3.0 no restringe adecuadamente el acceso de escritura de una máquina virtual invitada en el árbol de directorios xenstore /local/domain, lo que permite a usuarios del sistema operativo visitantes provocar una denegación de servicio y posiblemente tener otro impacto no especificado escribiendo en (1) console/tty, (2) console/limit, o (3) image/device-model-pid. NOTA: este problema existe debido a llamadas set_permissions erróneas en el parche para CVE-2008-4405. • http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00842.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00845.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00846.html http://lists.xensource.com/archives/html/xen-devel/2008-12/msg00847.html http://openwall.com/lists/oss-security/2008/12/19/1 http://www.securityfocus.com/bid/31499 https://exchange.xforce.ibmcloud.com/vulnerabilities/47668 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2008-4993 – xen: insecure temporary file use in qemu-dm.debug
https://notcve.org/view.php?id=CVE-2008-4993
qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/args temporary file. qemu-dm.debug en Xen v3.2.1 permite a usuarios locales sobrescribir ficheros de su elección a través de un ataque de enlace simbólico al fichero temporal /tmp/args. • http://bugs.debian.org/496367 http://dev.gentoo.org/~rbu/security/debiantemp/xen-utils-3.2-1 http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://www.openwall.com/lists/oss-security/2008/10/30/2 http://www.redhat.com/support/errata/RHSA-2009-0003.html https://bugs.gentoo.org/show_bug.cgi?id=235770 https://bugs.gentoo.org/show_bug.cgi?id=235805 https://exchange.xforce.ibmcloud.com/vulnerabilities/46545 https://oval.cisecurity.org/repository/search&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-377: Insecure Temporary File •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4405 – Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage
https://notcve.org/view.php?id=CVE-2008-4405
xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen. libvirt v0.3.3 se basa en ficheros localizados bajo subdirectorios de /local/domain en xenstore a pesar de la falta de protección contra modificaciones introducida por Xen en máquinas virtuales invitado, lo cual permite a usuarios del sistema operativo (SO) huésped tener un impacto desconocido, como lo demostrado mediante la escritura en (1) consola de texto (console/tty) o (2) el puerto VNC para el gráfico framebuffer. • https://www.exploit-db.com/exploits/32446 http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.html http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.html http://openwall.com/lists/oss-security/2008/09/30/6 http://secunia.com/advisories/32064 http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://www.openwall.com/lists/oss-security/2008/10/04/3 http&# • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3687
https://notcve.org/view.php?id=CVE-2008-3687
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall. Un desbordamiento de búfer basado en pila en la función flask_security_label en Xen 3.3, cuando se compila con el modulo XSM:FLASK, permite que usuarios del dominio (domU) sin privilegios puedan ejecutar código arbitrario a través de la hiperllamada flask_op. • http://invisiblethingslab.com/bh08/part2.pdf http://secunia.com/advisories/31561 http://theinvisiblethings.blogspot.com/2008/08/our-xen-0wning-trilogy-highlights.html http://www.nabble.com/-PATCH--XSM--FLASK--Argument-handling-bugs-in-XSM:FLASK-to18536032.html http://www.securityfocus.com/bid/30834 http://www.securitytracker.com/id?1020731 http://www.vupen.com/english/advisories/2008/2426 http://xenbits.xensource.com/xen-3.3-testing.hg?rev/fa66b33f975a https://exchange.xforce.ibmcloud • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0CVE-2008-1943 – PVFB backend fails to validate frontend's framebuffer description
https://notcve.org/view.php?id=CVE-2008-1943
Buffer overflow in the backend of XenSource Xen Para Virtualized Frame Buffer (PVFB) 3.0 through 3.1.2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a crafted description of a shared framebuffer. Un desbordamiento de búfer en el backend de XenSource Xen Para Virtualized Frame Buffer (PVFB) versiones 3.0 hasta 3.1.2, permite a usuarios locales causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de una descripción diseñada de una framebuffer compartida. • http://secunia.com/advisories/29963 http://secunia.com/advisories/30781 http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/29183 http://www.securitytracker.com/id?1020008 http://www.vupen.com/english/advisories/2008/1900/references https://bugzilla.redhat.com/show_bug.cgi?id=443078 https://exchange.xforce.ibmcloud.com/vulnerabilities/42387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10338 https://access.r • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •