Vulnerability CVE-2008-1952


Published: 2008-06-23   Modified: 2012-02-12

Description:
The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Xensource -> Xen para virtualized frame buffer 

 References:
http://xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721
http://www.openwall.com/lists/oss-security/2008/05/21/9
https://rhn.redhat.com/errata/RHSA-2008-0892.html
http://xforce.iss.net/xforce/xfdb/43362
http://www.securitytracker.com/id?1020957
http://www.securityfocus.com/bid/30646
http://secunia.com/advisories/32088
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11189
http://lists.xensource.com/archives/html/xen-devel/2008-05/msg00421.html

Copyright 2024, cxsecurity.com

 

Back to Top