CVE-2013-0215

Severity

43%

Complexity

55%

Confidentiality

81%

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.

oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: adjacent_network. CVSS Attack Complexity: medium. CVSS Vector: (AV:A/AC:M/Au:N/C:P/I:N/A:P).

Overview

Type

Xen

First reported 11 years ago

2013-03-07 05:04:00

Last updated 11 years ago

2013-10-11 03:48:00

Affected Software

Xen 4.1.0

4.1.0

Xen 4.1.1

4.1.1

Xen 4.1.2

4.1.2

Xen 4.1.3

4.1.3

Xen 4.1.4

4.1.4

Xen 4.2.0

4.2.0

Xen 4.2.1

4.2.1

References

[oss-security] 20130205 Xen Security Advisory 38 (CVE-2013-0215) - oxenstored incorrect handling of certain Xenbus ring states

55082

GLSA-201309-24

http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=40f9c5e0a6d15b4ca1f6d4ed3a46f0871520eab5

Patch

http://xenbits.xen.org/gitweb/?p=xen.git;a=commit;h=61401264eb00fae4ee4efc8e9a5067449283207b

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.