1. Home
  2. CVE Database
  3. CVE-2008-5716
HIGH · 7.2

CVE-2008-5716

xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unsp...

Vulnerability Description

xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue exists because of erroneous set_permissions calls in the fix for CVE-2008-4405.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
CitrixXen3.3.0

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2008-5716?

CVE-2008-5716 is a vulnerability with a CVSS score of 7.2 (HIGH). xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unsp...

How severe is CVE-2008-5716?

CVE-2008-5716 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-5716?

Check the references section above for vendor advisories and patch information. Affected products include: Citrix Xen.