Main Vulnerability Database Vulnerabilities #VU32658

Permissions, Privileges, and Access Controls in Xen - CVE-2013-2211

Published: August 29, 2013 / Updated: July 28, 2020

Vulnerability identifier: #VU32658

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-2211

CWE-ID: CWE-264

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Xen Project

Affected software:
Xen

Detailed vulnerability description

The vulnerability allows a remote #AU# to execute arbitrary code.

The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and 4.2.x uses weak permissions for xenstore keys for paravirtualised and emulated serial console devices, which allows local guest administrators to modify the xenstore value via unspecified vectors.

How to mitigate CVE-2013-2211

Install update from vendor's website.

Sources

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://www.debian.org/security/2014/dsa-3006
http://www.openwall.com/lists/oss-security/2013/06/25/1
http://www.openwall.com/lists/oss-security/2013/06/26/4

Permissions, Privileges, and Access Controls in Xen - CVE-2013-2211

Detailed vulnerability description

How to mitigate CVE-2013-2211

Sources

Please verify you're human