CVE-2008-4405

Published: 3 October 2008

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

Notes

Author	Note
jdstrand	per berrange@redhat.com on oss-security, this is a Xen issue, and libvirt, while affected, is fixed via the Xen patches
kees	this only affects xen-utils-3.X, which is in universe
jdstrand	original patch for CVE-2008-4405 introduced CVE-2008-5716
mdeslaur	xen-xenstore-permissions.patch in RHEL5

Priority

Status

Package	Release	Status
xen Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	feisty	Does not exist
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Not vulnerable
	precise	Not vulnerable
	quantal	Not vulnerable
	raring	Not vulnerable
	saucy	Not vulnerable
	upstream	Needs triage
xen-3.0 Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Ignored (end of life, was needs-triage)
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	upstream	Needs triage
xen-3.1 Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Does not exist
	gutsy	Ignored (end of life, was needed)
	hardy	Ignored (end of life)
	intrepid	Ignored (end of life, was needed)
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	upstream	Needs triage
	Patches: upstream: http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2 Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Does not exist
	gutsy	Does not exist
	hardy	Ignored (end of life)
	intrepid	Does not exist
	jaunty	Does not exist
	karmic	Does not exist
	lucid	Does not exist
	maverick	Does not exist
	natty	Does not exist
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	upstream	Needs triage
	Patches: upstream: http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70
	Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3 Launchpad, Ubuntu, Debian	dapper	Does not exist
	feisty	Does not exist
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Ignored (end of life, was needed)
	jaunty	Ignored (end of life)
	karmic	Ignored (end of life)
	lucid	Ignored (end of life)
	maverick	Ignored (end of life)
	natty	Ignored (end of life)
	oneiric	Does not exist
	precise	Does not exist
	quantal	Does not exist
	raring	Does not exist
	saucy	Does not exist
	upstream	Needs triage
	Patches: upstream: http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70
	Binaries built from this source package are in Universe and so are supported by the community.

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›