Upstream information
Description
oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) or obtain sensitive control-plane data by leveraging guest administrative access.
SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 4.3 |
Vector | AV:A/AC:M/Au:N/C:P/I:N/A:P |
Access Vector | Adjacent Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | None |
Availability Impact | Partial |
Note from the SUSE Security Team
The oxenstored is not built in our current XEN versions on SUSE Linux Enterprise up to 1... So we are not affected by this security problem.
SUSE Bugzilla entries: 800278 [RESOLVED / INVALID], 800799 [CLOSED / DUPLICATE]
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 13:16:40 2013
CVE page last modified: Fri Oct 7 12:46:22 2022