Permissions, Privileges, and Access Controls in xen (Alpine package)
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2013-2211 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
xen (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU32658
Risk: Medium
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2013-2211
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote #AU# to execute arbitrary code.
The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsxen (Alpine package): 4.1.4-r4
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=386d947eaf640de1a5515087a2b65d5960e5624b
https://git.alpinelinux.org/aports/commit/?id=638e4f7ceb5b5a8b9f9c7c3206fcd9e7c39d2bee
https://git.alpinelinux.org/aports/commit/?id=c78cd179455d0b332fcc2d9cbe05cf71876ec239
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
