Descriptionxend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SR:2009:015, published Tue, 15 Sep 2009 09:00:00 +0000
SUSE Timeline for this CVECVE page created: Fri Jun 28 06:56:49 2013
CVE page last modified: Sun Jul 2 00:21:42 2023