Xen 3.3 - XenStore Domain Configuration Data Unsafe Storage
| EKU-ID: 37356 | CVE: CVE-2008-4405;OSVDB-48894 | OSVDB-ID: |
| Author: Pascal Bouchareine | Published: 2008-09-30 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 37356 | CVE: CVE-2008-4405;OSVDB-48894 | OSVDB-ID: |
| Author: Pascal Bouchareine | Published: 2008-09-30 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/31499/info Xen is prone to a vulnerability that results in configuration information being stored in a location that is writable by guest domains. UPDATE (December 19, 2008): The initial proposed patches did not resolve this issue. Xen 3.3 is vulnerable; other versions may also be affected. #yum install xen # xenstore-write /local/domain/GUEST-DOMID/console/tty /i/am/the/evil/guest