Upstream information

CVE-2013-0215 at MITRE

Description

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 4.3
Vector: AV:A/AC:M/Au:N/C:P/I:N/A:P
Access Vector: Adjacent Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: Partial

Note from the SUSE Security Team

The oxenstored is not built in our current XEN versions on SUSE Linux Enterprise up to 1... So we are not affected by this security problem.

SUSE Bugzilla entries: 800278 [RESOLVED / INVALID], 800799 [CLOSED / DUPLICATE]

No SUSE Security Announcements cross referenced.