CVE-2008-4405: CVE-2008-4405

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2008-4405

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Xen XenStore Domain 配置数据不安全储存漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

xend in Xen没有适当的限制/local/domain xenstore目录树的容量,也没有限制来访的VM在目录树的写入权限，这使得一个客户操作系统用户通过向console/tty,console/limit, 或者image/device-model-pid进行写入导致一次拒绝服务攻击和可能其他的未明影响。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2008-4405

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2008-4405

Please Login to view more intelligence information

https://bugzilla.redhat.com/show_bug.cgi?id=464818x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=464817x_refsource_CONFIRM
http://xenbits.xensource.com/staging/xen-3.3-testing.hg?rev/e0e17216ba70x_refsource_CONFIRM
http://secunia.com/advisories/32064third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/31499vdb-entryx_refsource_BID
http://www.securitytracker.com/id?1020955vdb-entryx_refsource_SECTRACK
http://www.vupen.com/english/advisories/2008/2709vdb-entryx_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:016vendor-advisoryx_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2009-0003.htmlvendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlvendor-advisoryx_refsource_SUSE
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10627vdb-entrysignaturex_refsource_OVAL
http://openwall.com/lists/oss-security/2008/09/30/6mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2008/10/04/3mailing-listx_refsource_MLIST
http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00992.htmlmailing-listx_refsource_MLIST
http://lists.xensource.com/archives/html/xen-devel/2008-09/msg00994.htmlmailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2008-4405

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2008-4405

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2008-4405

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2008-4405

III. Intelligence Information for CVE-2008-4405

New Vulnerabilities

V. Comments for CVE-2008-4405

Leave a comment